CVE-2020-15241

URL Redirection to Untrusted Site (Open Redirect) in packagist/typo3/cms-core

Identifiers

CVE-2020-15241, GHSA-7733-hjv6-4h47

Package Slug

packagist/typo3/cms-core

Vulnerability

URL Redirection to Untrusted Site (Open Redirect)

Description

TYPO3 Fluid Engine (package `typo3fluid/fluid`) is vulnerable to cross-site scripting when making use of the ternary conditional operator in templates like `{showFullName ? fullName : defaultValue}`. Updated versions of this package are bundled in the following TYPO3 (`typo3/cms-core`) versions as well: TYPO3 v8.7.25 (using `typo3fluid/fluid` v2.5.4) and TYPO3 v9.5.6 (using `typo3fluid/fluid` v2.6.1).

Affected Versions

Version 8.7.25, version 9.5.6

Solution

Upgrade to versions 8.7.26, 9.5.7 or above.

Last Modified

2020-10-22
