CVE-2020-15241, GHSA-7733-hjv6-4h47
packagist/typo3/cms-core
URL Redirection to Untrusted Site (Open Redirect)
TYPO3 Fluid Engine (package typo3fluid/fluid
)is vulnerable to cross-site scripting when making use of the ternary conditional operator in templates like
{showFullName ? fullName : defaultValue}. Updated versions of this package are bundled in following TYPO3 (
typo3/cms-core) versions as well: TYPO3 v8.7.25 (using
typo3fluid/fluidv2.5.4) and TYPO3 v9.5.6 (using
typo3fluid/fluid` v2.6.1).
Version 8.7.25, version 9.5.6
Upgrade to versions 8.7.26, 9.5.7 or above.
2020-10-22
source |