PT-2021-22253 · Typo3 · Deferred Image Processing

Published: 2021-08-13 · Updated: 2021-08-30 · CVE-2021-38623

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: deferred image processing extension versions prior to 1.0.2 for TYPO3

Description: The issue allows a Denial of Service via the FAL API through disk consumption in the /var/transient directory. It is caused by incorrect use of the TYPO3 FAL API: on every frontend request a new copy of the processed file is written to the /var/transient/ folder and never reused or released. By sending a large number of requests to the website, an attacker can fill the webspace with image files.

Recommendations: For deferred image processing extension versions prior to 1.0.2, update to version 1.0.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the /var/transient directory or implementing measures to limit disk consumption in that directory until the update is applied.
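The defect class behind this advisory, shown as an added model that is not code from TYPO3 or the extension: a handler that writes a fresh transient copy on every request beside one that derives the output name from the processing task so repeated requests reuse a single file. The task fields, file names and rendering stub are constructed for illustration.

```python
"""Model of the CVE-2021-38623 defect: unbounded per-request transient copies
versus a deduplicated processed-file cache. Illustrative only; not TYPO3 code."""
import hashlib
import os
import tempfile
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcessingTask:
    source_id: str   # constructed sample, e.g. "1:/user_upload/photo.jpg"
    config: tuple    # constructed sample, e.g. (("width", 800),)


def render(task: ProcessingTask) -> bytes:
    """Stand-in for real image scaling; output depends only on the task."""
    return f"{task.source_id}|{task.config}".encode()


def process_unbounded(transient_dir: str, task: ProcessingTask) -> str:
    """Vulnerable pattern: each frontend request writes a new copy into the
    transient directory and nothing reuses or removes it, so disk usage grows
    linearly with the number of requests an attacker sends."""
    fd, path = tempfile.mkstemp(prefix="processed_", dir=transient_dir)
    with os.fdopen(fd, "wb") as fh:
        fh.write(render(task))
    return path


def process_deduplicated(transient_dir: str, task: ProcessingTask) -> str:
    """Hardened pattern: the file name is a digest of the task, so identical
    requests resolve to one file. The write goes to a temporary name and is
    published atomically, so a concurrent request never sees a partial file."""
    key = hashlib.sha256(repr((task.source_id, task.config)).encode()).hexdigest()
    path = os.path.join(transient_dir, f"processed_{key[:32]}")
    if not os.path.exists(path):
        fd, tmp = tempfile.mkstemp(prefix=".part_", dir=transient_dir)
        with os.fdopen(fd, "wb") as fh:
            fh.write(render(task))
        os.replace(tmp, path)
    return path


def files_after_requests(handler, requests: int) -> int:
    """Files left in a fresh transient dir after `requests` identical hits."""
    task = ProcessingTask("1:/user_upload/photo.jpg", (("width", 800),))
    with tempfile.TemporaryDirectory() as transient_dir:
        for _ in range(requests):
            handler(transient_dir, task)
        return len(os.listdir(transient_dir))
```

Deduplication bounds the directory by the number of distinct legitimate processing tasks rather than by request volume, which is what the upstream fix needs to achieve.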

Fix

Improper Resource Release

Weakness Enumeration

Related Identifiers

CVE-2021-38623
GHSA-34JQ-548X-M2X9

Affected Products

Deferred Image Processing