Home > Vulnerability Database > CVE-2024-55892

Mend.io Vulnerability Database

CVE-2024-55892

Date: January 14, 2025

TYPO3 is a free and open source Content Management Framework. Applications that use "TYPO3\CMS\Core\Http\Uri" to parse externally provided URLs (e.g., via a query parameter) and validate the host of the parsed URL may be vulnerable to open redirect or SSRF attacks if the URL is used after passing the validation checks. Users are advised to update to TYPO3 versions 9.5.49 ELTS, 10.4.48 ELTS, 11.5.42 LTS, 12.4.25 LTS, 13.4.3 which fix the problem described. There are no known workarounds for this vulnerability.

Severity Score

4.8

Related Resources (6)

Url: https://github.com/TYPO3/typo3/commit/a4abf48d254685f43383e6e7f80d48aebaea56af

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-55892

Url: https://github.com/TYPO3/typo3/security/advisories/GHSA-2fx5-pggv-6jjr

Url: https://typo3.org/security/advisory/typo3-core-sa-2025-002

Url: https://github.com/TYPO3/typo3

Url: https://www.mend.io/vulnerability-database/CVE-2024-55892

Severity Score

4.8

Weakness Type (CWE)

URL Redirection to Untrusted Site ('Open Redirect')

CWE-601

CVSS v3.1

Base Score:	4.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-55892

Date: January 14, 2025

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?