Typo3 · Typo3/Cms · CVE-2026-49738
**Name of the Vulnerable Software and Affected Versions**
- TYPO3 CMS versions prior to 10.4.57
- TYPO3 CMS versions 11.0.0 through 11.5.51
- TYPO3 CMS versions 12.0.0 through 12.4.46
- TYPO3 CMS versions 13.0.0 through 13.4.31
- TYPO3 CMS versions 14.0.0 through 14.3.3
**Description**
A path allowance check in the `isAllowedAbsPath()` function of `GeneralUtility` uses a plain string prefix comparison that does not require a directory separator boundary after the project root. As a result, paths that begin with the same characters as the project root but actually reside in a different directory (e.g., `/var/www/html-other/secret.yaml` when the root is `/var/www/html`) are accepted as valid. Administrator users with access to the File Abstraction Layer can exploit this to create new file storage definitions pointing to directories outside the project root.
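The following Python re-creation of the flaw is an added illustration, not TYPO3's own code: it places the bare prefix comparison beside a check that enforces a separator boundary after a normalised root, and runs both over constructed sample paths (the project root and all candidate paths are assumed values, not taken from the advisory).

```python
import posixpath

# Constructed sample values (not taken from the advisory): the project root
# and a set of candidate absolute paths a storage definition might point at.
PROJECT_ROOT = "/var/www/html"
SAMPLE_PATHS = [
    "/var/www/html/fileadmin/user_upload",  # inside the root: must be allowed
    "/var/www/html",                        # the root itself: allowed
    "/var/www/html-other/secret.yaml",      # sibling directory sharing the prefix
    "/var/www/htmlbackup/config.yaml",      # another prefix collision
    "/var/www/html/../html-other/x.yaml",   # escapes lexically after a valid prefix
]


def is_allowed_prefix_only(path: str, root: str = PROJECT_ROOT) -> bool:
    """Re-creation of the flawed logic: a bare string prefix comparison.
    Anything that merely starts with the root's characters passes."""
    return path.startswith(root)


def is_allowed_with_boundary(path: str, root: str = PROJECT_ROOT) -> bool:
    """Hardened variant: normalise both sides lexically (collapsing '.', '..'
    and duplicate separators), then accept only the root itself or a path that
    continues with a separator immediately after the root.
    This is a purely lexical check; a deployment that must also defeat
    symlinks has to resolve them (e.g. realpath) before comparing."""
    norm_root = posixpath.normpath(root)
    norm_path = posixpath.normpath(path)
    if norm_path == norm_root:
        return True
    boundary = norm_root.rstrip("/") + "/"  # '/var/www/html/' (or '/' for root '/')
    return norm_path.startswith(boundary)


def compare_checks(paths=SAMPLE_PATHS, root: str = PROJECT_ROOT) -> dict:
    """Return {path: (prefix_only_result, boundary_result)} for each candidate."""
    return {p: (is_allowed_prefix_only(p, root), is_allowed_with_boundary(p, root))
            for p in paths}


if __name__ == "__main__":
    for path, (weak, fixed) in compare_checks().items():
        print(f"{path:40} prefix-only={weak!s:5} with-boundary={fixed}")
```

Any row where the first result is `True` and the second is `False` is a path the prefix-only check wrongly admits.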
**Recommendations**
- Update to version 10.4.57 or later.
- Update to version 11.5.52 or later.
- Update to version 12.4.47 or later.
- Update to version 13.4.32 or later.
- Update to version 14.3.4 or later.