CVE-2021-21339
packagist/typo3/cms-core
Cleartext Storage of Sensitive Information
User session identifiers were stored in cleartext, without being processed by a cryptographic hash algorithm. This vulnerability cannot be exploited directly; it only comes into play as part of a chained attack, such as SQL injection in any other component of the system.
All versions starting from 6.2.0 before 6.2.57, all versions starting from 7.0.0 before 7.6.51, all versions starting from 8.0.0 before 8.7.40, all versions starting from 9.0.0 before 9.5.25, all versions starting from 10.0.0 before 10.4.14, all versions starting from 11.0.0 before 11.1.1
Upgrade to versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 or above.
2021-03-29