Name of the Vulnerable Software and Affected Versions TYPO3 CMS (affected versions not specified)

Description The issue arises from the improper validation of the HTTP host-header in TYPO3 CMS, making it susceptible to host spoofing. The HTTP host-header is used by TYPO3 to generate absolute URLs in various instances, such as 404 handling, HTTP(S) enforcement, and password reset links. Since the host header is client-provided, it can be forged to any value, posing a risk even in name-based virtual hosts environments.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.