CVE-2022-23504: TYPO3 CMS vulnerable to Sensitive Information Disclosure via YAML Placeholder Expressions in Site Configuration
(updated )
CVSS: <code>CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L/E:F/RL:O/RC:C</code> (5.3)
References
- github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-23504.yaml
- github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-23504.yaml
- github.com/TYPO3/typo3
- github.com/TYPO3/typo3/commit/d1e627ff7eef07bd94c53db861e85977b203900a
- github.com/TYPO3/typo3/security/advisories/GHSA-8w3p-qh3x-6gjr
- github.com/advisories/GHSA-8w3p-qh3x-6gjr
- nvd.nist.gov/vuln/detail/CVE-2022-23504
- typo3.org/security/advisory/typo3-core-sa-2022-016
Code Behaviors & Features
Detect and mitigate CVE-2022-23504 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →