PT-2024-40321 · Typo3 · Typo3

Published

2024-06-07

·

Updated

2024-06-07

CVSS v3.1

8.1

High

Vector AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions TYPO3 (affected versions not specified)
Description The issue is insecure deserialization in Extbase request handling. The user-submitted payload must carry an HMAC-SHA1 computed with the site's TYPO3 encryptionKey as the secret, so the signature is only as strong as the secrecy of that key. If the encryptionKey has been leaked, an attacker can compute a valid HMAC-SHA1 for an arbitrary serialized payload and have it deserialized by the application. A leak of this kind typically happens when the key is accidentally exposed in a source repository, a backup file or another commonly known unprotected location. Successful exploitation requires two conditions: at least one Extbase plugin must be rendered in the frontend, and the encryptionKey must have been leaked.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability. Because exploitation depends on possession of the encryptionKey, a key that has appeared in a repository, backup or other exposed location should be treated as compromised and rotated; signatures computed with the old key then no longer verify. Keep the key out of version control and backup artifacts.
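As an added illustration of the mechanism described above (this is not TYPO3 or Extbase code; the key value, the TempFileCleaner class and the handler functions are hypothetical), the following PHP 8 script shows that an HMAC-SHA1 check only protects the deserialization step while the encryptionKey is secret: with the leaked key the attacker signs a crafted serialized object and the vulnerable handler instantiates it. The hardened handler applies one general mitigation, disabling object instantiation in unserialize(), which is shown as a generic defence and is not a description of the project's own fix.

```php
<?php
declare(strict_types=1);

// Added example, not TYPO3 code. Constructed stand-in for the site's encryptionKey.
const SITE_ENCRYPTION_KEY = 'constructed-demo-key-do-not-reuse';

/** HMAC-SHA1 over the raw payload, keyed with the site secret (hex-encoded). */
function signPayload(string $payload, string $key): string
{
    return hash_hmac('sha1', $payload, $key);
}

/** Constant-time comparison so the check itself does not leak the HMAC byte by byte. */
function verifyPayload(string $payload, string $hmac, string $key): bool
{
    return hash_equals(signPayload($payload, $key), $hmac);
}

/** Vulnerable pattern: a valid HMAC is treated as proof that the payload is safe to unserialize(). */
function handleVulnerable(string $payload, string $hmac, string $key): mixed
{
    if (!verifyPayload($payload, $hmac, $key)) {
        return null; // unsigned or tampered payload is rejected
    }
    return unserialize($payload); // any class may be instantiated, magic methods run
}

/** Hardened pattern: same signature check, but object instantiation is disabled. */
function handleHardened(string $payload, string $hmac, string $key): mixed
{
    if (!verifyPayload($payload, $hmac, $key)) {
        return null;
    }
    // Objects in the payload come back as __PHP_Incomplete_Class; no __wakeup()/__destruct() runs.
    return unserialize($payload, ['allowed_classes' => false]);
}

/** Hypothetical class whose magic method acts on attacker-controlled state. */
class TempFileCleaner
{
    public string $path = '';

    public function __wakeup(): void
    {
        // A real gadget would unlink($this->path) or worse; here it only reports.
        echo "__wakeup() ran with path={$this->path}\n";
    }
}

// --- Attacker side: the encryptionKey was found in a leaked backup, so the HMAC is computable.
$leakedKey = SITE_ENCRYPTION_KEY;

$gadget = new TempFileCleaner();
$gadget->path = '/var/www/html/index.php';
$maliciousPayload = serialize($gadget); // O:15:"TempFileCleaner":1:{s:4:"path";s:23:"/var/www/html/index.php";}
$forgedHmac = signPayload($maliciousPayload, $leakedKey);

// --- Server side, vulnerable handler: signature is valid, gadget is instantiated.
$result = handleVulnerable($maliciousPayload, $forgedHmac, SITE_ENCRYPTION_KEY);
var_dump($result instanceof TempFileCleaner);        // bool(true): __wakeup() already executed

// --- Server side, hardened handler: same forged payload, but no object comes back.
$result = handleHardened($maliciousPayload, $forgedHmac, SITE_ENCRYPTION_KEY);
var_dump($result instanceof __PHP_Incomplete_Class); // bool(true): data survived, the gadget did not

// --- Without the key the forgery is rejected by both handlers.
var_dump(handleVulnerable($maliciousPayload, signPayload($maliciousPayload, 'guess'), SITE_ENCRYPTION_KEY)); // NULL
```

Run it with the php CLI. The last line is the property the advisory relies on: as long as the key is secret, the signature check stops the attack, which is also why rotating a leaked key immediately invalidates every payload an attacker signed with it.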

Related Identifiers

GHSA-HH95-5XM5-V8V7

Affected Products

Typo3