CVE-2010-3666
MEDIUM5.3EPSS 0.33%TYPO3 is vulnerable to Insecure randomness in uniqid function
Published: 4/21/2022Modified: 2/6/2024
Description
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains insecure randomness in the `uniqid` function.
Affected packages (1)
- Packagist/typo3/cms-installfrom 0, < 4.1.14
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
References (9)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2010-3666
- PATCHhttps://github.com/TYPO3-CMS/install
- WEBhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719
- WEBhttps://github.com/TYPO3/typo3/commit/302b35e714ca30ddb71ab36b9cbb2bea760a2f0e
- WEBhttps://github.com/TYPO3/typo3/commit/352d6066bf09137e86705bc060fd4ab3ba8f9191
- WEBhttps://github.com/TYPO3/typo3/commit/42324b30546b1e49fb16c916fc71cceb99ad9fd0
- WEBhttps://github.com/TYPO3/typo3/commit/f6d2e33cfab87c9e44eca275d6755be747e3cd7e
- WEBhttps://security-tracker.debian.org/tracker/CVE-2010-3666
- WEBhttps://typo3.org/security/advisory/typo3-sa-2010-012/#Insecure_Randomness