GMS-2022-8130: Duplicate of ./packagist/typo3/cms-core/CVE-2022-23500.yml
Problem
Requesting invalid or non-existing resources via HTTP triggers the page error handler, which in turn could retrieve the content to be shown as an error message from another page. This leads to a scenario in which the application calls itself recursively, amplifying the impact of the initial attack until the limits of the web server are exceeded.
This vulnerability is very similar, but not identical, to the one described in TYPO3-CORE-SA-2021-005 (CVE-2021-21359).
Solution
Update to TYPO3 versions 9.5.38 ELTS, 10.4.33 or 11.5.20 that fix the problem described above.