CVE-2019-11832
TYPO3 Image Processing susceptible to Code Execution
Severity: HIGH 7.5 | EPSS: 0.90%
Published: 2022/5/24 | Modified: 2024/2/20
Description
TYPO3 8.x before 8.7.25 and 9.x before 9.5.6 is susceptible to remote code execution because it does not properly configure the applications used for image processing, as demonstrated by ImageMagick or GraphicsMagick. For a successful exploit, the GhostScript binary `gs` must be available on the server system.
Affected packages (2)
- Packagist/typo3/cms >= 8.0.0, < 8.7.25
- Packagist/typo3/cms-core >= 8.0.0, < 8.7.25
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.5 | CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H |
References (9)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2019-11832
- PATCH: https://github.com/TYPO3/typo3
- WEB: https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2019-11832.yaml
- WEB: https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2019-11832.yaml
- WEB: https://github.com/github/advisory-database/pull/3530
- WEB: https://github.com/TYPO3/typo3/commit/2c04eeac44733fda491f92c697f88c1337d19c79
- WEB: https://github.com/TYPO3/typo3/commit/51fdb774a57ee30e8d60c0e33b4a0b92d775739e
- WEB: https://github.com/TYPO3/typo3/commit/e845d90b82b2f72ab12a9e37f15082297832beca
- WEB: https://typo3.org/security/advisory/typo3-core-sa-2019-012