PT-2024-40101 · Typo3 · Typo3

Published

2024-05-30

·

Updated

2024-05-30

CVSS v3.1

8.1

High

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: TYPO3 (affected versions not specified)
Description: Extbase request handling deserializes a user-submitted payload after verifying that it carries a valid HMAC-SHA1, computed over the payload with the TYPO3 encryptionKey as the secret. That HMAC is the only barrier: the payload is not restricted to plain data before it is deserialized. An attacker who has obtained the encryptionKey can therefore compute a valid HMAC-SHA1 for an arbitrary serialized payload, and the application will deserialize attacker-controlled data (the precondition for object injection). The key can leak through, for example, configuration files accidentally committed to a repository or unprotected backup files. Successful exploitation requires that at least one Extbase plugin is rendered in the frontend and that the encryptionKey has been leaked; without the key the HMAC check holds, which is consistent with the high attack complexity (AC:H) in the vector.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Until one is available, the practical control is to keep the encryptionKey secret: check that it has never been committed to a repository or left in a readable backup, and if it may have been exposed, generate a new random key in the TYPO3 configuration and treat the old one as compromised (rotating the key invalidates every HMAC previously computed with it, so expect signed links and tokens still in circulation to stop validating). Reducing the number of Extbase plugins rendered in the frontend shrinks the exposed surface but does not remove the issue.
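To make the mechanism in the description concrete, the following PHP script is an added example written for this page; it is not TYPO3 or Extbase code and makes no claim about how TYPO3 implements the check internally. The encryptionKey value, the AuditLogger class, the function names and the file path are all constructed for illustration. It models a payload gated by an HMAC-SHA1 over the serialized data with the key as secret, shows that a forged HMAC without the key is rejected, that the same payload signed with the leaked key passes and fires a magic method during unserialize(), and contrasts a hardened variant that refuses to instantiate objects at all.

```php
<?php
declare(strict_types=1);
// Added illustration, not TYPO3's own code: a simplified model of an
// HMAC-SHA1-gated unserialize() step and why a leaked encryptionKey defeats it.

// Constructed stand-in for the TYPO3 encryptionKey (never hard-code a real one).
$encryptionKey = 'c0ffee1234567890constructedexampleonly';

// Hypothetical class with a magic method that runs during deserialization.
// A real gadget chain would do something far worse than echo.
final class AuditLogger
{
    public string $target = '';

    public function __wakeup(): void
    {
        echo "AuditLogger::__wakeup ran with target={$this->target}\n";
    }
}

/** HMAC-SHA1 over the serialized payload, keyed with encryptionKey, as the advisory describes. */
function sign(string $serialized, string $key): string
{
    return hash_hmac('sha1', $serialized, $key);
}

/** Constant-time comparison of the submitted HMAC against the expected one. */
function verify(string $serialized, string $hmac, string $key): void
{
    if (!hash_equals(sign($serialized, $key), $hmac)) {
        throw new RuntimeException('HMAC mismatch');
    }
}

/** Vulnerable pattern: a valid HMAC is treated as proof that the payload is safe to unserialize. */
function vulnerableRestore(string $serialized, string $hmac, string $key): mixed
{
    verify($serialized, $hmac, $key);
    return unserialize($serialized); // any class may be instantiated; magic methods fire
}

/** True if the value, or anything nested in it, is an object (including __PHP_Incomplete_Class). */
function containsObject(mixed $value): bool
{
    if (is_object($value)) {
        return true;
    }
    if (is_array($value)) {
        foreach ($value as $item) {
            if (containsObject($item)) {
                return true;
            }
        }
    }
    return false;
}

/** Hardened pattern: the HMAC still authenticates, but no object can ever be created. */
function hardenedRestore(string $serialized, string $hmac, string $key): mixed
{
    verify($serialized, $hmac, $key);
    $value = unserialize($serialized, ['allowed_classes' => false]);
    if (containsObject($value)) {
        throw new RuntimeException('payload contained objects; rejected');
    }
    return $value;
}

// 1. Legitimate use: the application signs its own scalar/array arguments.
$legit = serialize(['page' => 42, 'action' => 'list']);
print_r(vulnerableRestore($legit, sign($legit, $encryptionKey), $encryptionKey));

// 2. Attacker without the key: a forged HMAC is rejected, so the check does its job.
$gadget = new AuditLogger();
$gadget->target = '/var/www/html/shell.php'; // constructed, illustrative only
$evil = serialize($gadget);
try {
    vulnerableRestore($evil, sign($evil, 'wrong-key'), $encryptionKey);
} catch (RuntimeException $e) {
    echo "without key: {$e->getMessage()}\n";
}

// 3. Attacker holding the leaked key (e.g. from a configuration file committed
//    to a repository): the HMAC is valid and the gadget's __wakeup() runs.
$leakedKey = $encryptionKey;
vulnerableRestore($evil, sign($evil, $leakedKey), $encryptionKey);

// 4. Same forged payload against the hardened path: rejected before any magic method fires.
try {
    hardenedRestore($evil, sign($evil, $leakedKey), $encryptionKey);
} catch (RuntimeException $e) {
    echo "hardened: {$e->getMessage()}\n";
}
```

Run it with `php example.php` on PHP 8.0 or newer. Step 3 is the advisory's scenario: the HMAC check is intact and correctly implemented, yet it proves nothing once the secret is shared with the attacker. The hardened variant closes the object-injection path by refusing object graphs, but it does not restore the integrity guarantee; a key that has been exposed still has to be rotated, because everything else signed with it remains forgeable.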

Weakness Enumeration

Deserialization of Untrusted Data (CWE-502)

Related Identifiers

GHSA-5H5V-M596-R6RF

Affected Products

Typo3