Daniel Schönfeld

**Name of the Vulnerable Software and Affected Versions** TYPO3 versions prior to 9.5.38 TYPO3 versions prior to 10.4.33 TYPO3 versions prior to 11.5.20 TYPO3 versions prior to 12.1.1 **Description** Requesting invalid or non-existing resources via HTTP triggers the page error handler, which retrieves content to be shown as an error message from another page, leading to a scenario where the application calls itself recursively. This amplifies the impact of the initial attack until the limits of the web server are exceeded. **Recommendations** Update to version 9.5.38 ELTS or later Update to version 10.4.33 or later Update to version 11.5.20 or later Update to version 12.1.1 or later