CVE-2019-11832
HIGH 7.5 | EPSS 0.90%
TYPO3 Image Processing susceptible to Code Execution
Published: 5/24/2022
Modified: 2/20/2024
Also known as: GHSA-3w4h-r27h-4r2w
Description
TYPO3 8.x before 8.7.25 and 9.x before 9.5.6 are susceptible to remote code execution because they do not properly configure the applications used for image processing, as demonstrated by ImageMagick or GraphicsMagick. For a successful exploit, the Ghostscript binary `gs` must be available on the server system.
Affected packages (2)
- Packagist/typo3/cms: >= 8.0.0, < 8.7.25
- Packagist/typo3/cms-core: >= 8.0.0, < 8.7.25
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.5 | CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H |
References (9)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2019-11832
- PATCH: https://github.com/TYPO3/typo3
- WEB: https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2019-11832.yaml
- WEB: https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2019-11832.yaml
- WEB: https://github.com/github/advisory-database/pull/3530
- WEB: https://github.com/TYPO3/typo3/commit/2c04eeac44733fda491f92c697f88c1337d19c79
- WEB: https://github.com/TYPO3/typo3/commit/51fdb774a57ee30e8d60c0e33b4a0b92d775739e
- WEB: https://github.com/TYPO3/typo3/commit/e845d90b82b2f72ab12a9e37f15082297832beca
- WEB: https://typo3.org/security/advisory/typo3-core-sa-2019-012