Name of the Vulnerable Software and Affected Versions TYPO3 (affected versions not specified)

Description The issue allows execution of arbitrary shell commands if the "From" header comes from a non-trusted source and no "Return-Path" is configured. This is specifically related to the swiftmailer library used in TYPO3 installations where the configuration option $GLOBALS['TYPO3 CONF VARS']['MAIL']['transport'] is set to "sendmail". Installations with the default configuration are not affected.

Recommendations For TYPO3 installations with the configuration option $GLOBALS['TYPO3 CONF VARS']['MAIL']['transport'] set to "sendmail", consider changing the transport configuration to a safer option until a fix is available. As a temporary workaround, consider configuring a "Return-Path" to minimize the risk of exploitation.