GHSA-w736-qv86-vq94, CVE-2010-3714
packagist/typo3/cms
TYPO3 Remote File Disclosure vulnerability in the jumpUrl mechanism
The jumpUrl (aka access tracking) implementation in tslib/class.tslib_fe.php in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 does not properly compare certain hash values during access-control decisions, which allows remote attackers to read arbitrary files via unspecified vectors.
All versions starting from 4.2.0 before 4.2.15, all versions starting from 4.3.0 before 4.3.7, all versions starting from 4.4.0 before 4.4.4
Upgrade to versions 4.2.15, 4.3.7, 4.4.4 or above.
2024-02-09
source |