GHSA-hjx5-v9xg-7h25: TYPO3 Denial of Service in Frontend Record Registration

May 30, 2024

TYPO3’s built-in record registration functionality (aka “basic shopping cart”) using recs URL parameters is vulnerable to denial of service. Failing to properly ensure that anonymous user sessions are valid, attackers can use this vulnerability in order to create an arbitrary amount of individual session-data records in the database.

References

github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/2018-12-11-7.yaml
github.com/TYPO3-CMS/core
github.com/TYPO3-CMS/core/commit/5a44f93e9233e8f72159f9a67db26ed4bd5a10e0
github.com/advisories/GHSA-hjx5-v9xg-7h25
typo3.org/security/advisory/typo3-core-sa-2018-012

Code Behaviors & Features

Detect and mitigate GHSA-hjx5-v9xg-7h25 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →