Vulnerabilities
Projects
Vulnerability Disclosure
About Us
Contact Us
Mend.io Vulnerability Database
What is a WS vulnerability ID?
What is an MSC vulnerability ID?
We found results for “”
WS-2019-0012
Good to know:
Date: December 11, 2018
TYPO3 in versions 7.0.0-7.6.31, 8.0.0-8.7.20 and 9.0.0-9.5.1 Online Media Asset Handling (*.youtube and *.vimeo files) in the TYPO3 backend is vulnerable to denial of service. Putting large files with according file extensions results in high consumption of system resources.
Language: PHP
Severity Score
Severity Score
Weakness Type (CWE)
Uncontrolled Resource Consumption
CWE-400Top Fix
Upgrade Version
Upgrade to version typo3/cms - 7.6.16;typo3/cms - 7.6.28;typo3/cms - 8.7.10;typo3/cms - 8.7.14;typo3/cms - 8.7.15;typo3/cms - 8.5.0;typo3/cms - 7.6.21;typo3/cms - 7.6.27;typo3/cms - 8.7.19;typo3/cms - 7.6.26;typo3/cms - 8.4.0;typo3/cms - v9.4.0;typo3/cms - 7.6.22;typo3/cms - 7.6.23;typo3/cms - 8.6.1;typo3/cms - dev-TYPO3_8-7;typo3/cms - 8.7.7;typo3/cms - 7.6.25;typo3/cms - 8.7.18;typo3/cms - 7.6.11;typo3/cms - 7.6.24;typo3/cms - 7.6.31;typo3/cms - 7.6.19;typo3/cms - TYPO3_8-7-3;typo3/cms - 7.6.13;typo3/cms - 8.7.2;typo3/cms - 8.7.11;typo3/cms - 8.7.17;typo3/cms - 7.6.30;typo3/cms - 8.7.8;typo3/cms - dev-TYPO3_7-6;typo3/cms - 8.7.6;typo3/cms - 8.7.16;typo3/cms - 8.3.0;typo3/cms - 8.7.12;typo3/cms - 7.6.29;typo3/cms - 8.7.5;typo3/cms - v9.5.2;typo3/cms - 8.7.4;typo3/cms - 7.6.32;typo3/cms - TYPO3_7-6-20;typo3/cms - 8.7.13;typo3/cms - 8.7.9;instituteweb/typo3-cms - no_fix;instituteweb/typo3-cms - 6.2.19;typo3/cms-core - v9.4.0;typo3/cms-core - v8.7.19;patrickbroens/content-rendering-core - no_fix
CVSS v3.1
| Base Score: |
|
|---|---|
| Attack Vector (AV): | NETWORK |
| Attack Complexity (AC): | LOW |
| Privileges Required (PR): | LOW |
| User Interaction (UI): | NONE |
| Scope (S): | UNCHANGED |
| Confidentiality (C): | NONE |
| Integrity (I): | NONE |
| Availability (A): | LOW |