CVE-2022-47411: Exposure of Resource to Wrong Sphere

December 14, 2022 (updated August 8, 2023)

An issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. Data about subscribers may be obtained via unsubscribeAction operations.

References

nvd.nist.gov/vuln/detail/CVE-2022-47411
typo3.org/security/advisory/typo3-ext-sa-2022-017

Detect and mitigate CVE-2022-47411 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →