PT-2024-40065 · Typo3 +1
Published: 2024-05-30 · Updated: 2024-05-30
Score: 8.1 (High)
Base vector (CVSS 3.x): AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
TYPO3 (affected versions not specified)
Description:
The issue allows execution of arbitrary shell commands when the "From" header of an outgoing mail comes from an untrusted source and no "Return-Path" is configured. It is specific to the swiftmailer library as used by TYPO3 installations in which the configuration option `$GLOBALS['TYPO3_CONF_VARS']['MAIL']['transport']` is set to "sendmail". Installations with the default configuration are not affected.
Recommendations:
For TYPO3 installations in which the configuration option `$GLOBALS['TYPO3_CONF_VARS']['MAIL']['transport']` is set to "sendmail", consider switching the transport to a safer option until a fix is available.
As a temporary workaround, consider configuring a "Return-Path" to reduce the risk of exploitation.
Tags: Fix · RCE
References (8):
- https://osv.dev/vulnerability/GHSA-45xg-4w5x-j429 (Vendor Advisory)
- https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2014-10-22-2.yaml (Note)
- https://github.com/TYPO3/typo3 (Note)
- https://github.com/TYPO3/typo3/commit/313c4bba53dd78803a9ee97c1f6f1d450a521521 (Note)
- https://github.com/TYPO3/typo3/commit/ead183c5acf25b7e1121adee5a5860bd9b5f05a2 (Note)
- https://github.com/TYPO3/typo3/commit/6af37574e063929eaab066dd9920b1fa8815da12 (Note)
- https://github.com/TYPO3/typo3/commit/dbdd9f22b7cebf43f2e4abdb2a6a8a9f32af8f61 (Note)
- https://typo3.org/security/advisory/typo3-core-sa-2014-002 (Note)