GHSA-p2h4-7fp3-cmh8

Source

https://github.com/advisories/GHSA-p2h4-7fp3-cmh8

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-p2h4-7fp3-cmh8/GHSA-p2h4-7fp3-cmh8.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-p2h4-7fp3-cmh8

Published

2024-05-30T18:13:02Z

Modified

2024-12-05T05:44:51.663909Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

TYPO3 Disclosure of Information about Installed Extensions

Details

It has been discovered that mechanisms used for configuration of RequireJS package loading are susceptible to information disclosure. This way a potential attack can retrieve additional information about installed system and third party extensions.

Database specific

{
    "severity": "MODERATE",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-200"
    ],
    "nvd_published_at": null,
    "github_reviewed_at": "2024-05-30T18:13:02Z"
}

References

Affected packages

Packagist / typo3/cms-core

Package

Name: typo3/cms-core
Purl: pkg:composer/typo3/cms-core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

8.0.0

Fixed

8.7.23

Affected versions

v8.*

v8.7.7

v8.7.8

v8.7.9

v8.7.10

v8.7.11

v8.7.12

v8.7.13

v8.7.14

v8.7.15

v8.7.16

v8.7.17

v8.7.18

v8.7.19

v8.7.20

v8.7.21

v8.7.22

Packagist / typo3/cms-core

Package

Name: typo3/cms-core
Purl: pkg:composer/typo3/cms-core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

9.0.0

Fixed

9.5.4

Affected versions

v9.*

v9.0.0

v9.1.0

v9.2.0

v9.2.1

v9.3.0

v9.3.1

v9.3.2

v9.3.3

v9.4.0

v9.5.0

v9.5.1

v9.5.2

v9.5.3