CVE-2020-15241: URL Redirection to Untrusted Site (Open Redirect)
TYPO3 Fluid Engine (package `typo3fluid/fluid`) is vulnerable to cross-site scripting when making use of the ternary conditional operator in templates like `{showFullName ? fullName : defaultValue}`. Updated versions of this package are bundled in the following TYPO3 (`typo3/cms-core`) versions as well: TYPO3 v8.7.25 (using `typo3fluid/fluid` v2.5.4) and TYPO3 v9.5.6 (using `typo3fluid/fluid` v2.6.1).
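To check a project against the versions named above, the following added example (not part of the advisory or of TYPO3's tooling) scans a `composer.lock` for `typo3fluid/fluid`. It assumes that, within the 2.5 and 2.6 release lines, anything older than the version named in the advisory is outdated; other release lines are reported as `unknown` because the text does not cover them. The sample lock file is constructed.

```python
import json

# Updated typo3fluid/fluid releases named in the advisory text, keyed by
# (major, minor) release line. Assumption: older versions on the same line
# are outdated. Release lines the page does not name are left undecided.
FIXED_BY_LINE = {(2, 5): (2, 5, 4), (2, 6): (2, 6, 1)}

def parse_version(text):
    """Turn 'v2.5.3' or '2.6.0' into (2, 5, 3); None for dev/branch names."""
    parts = text.lstrip("vV").split("-")[0].split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def classify(version_text):
    """Return 'updated', 'outdated' or 'unknown' for one installed version."""
    version = parse_version(version_text)
    if version is None:
        return "unknown"
    fixed = FIXED_BY_LINE.get(version[:2])
    if fixed is None:
        return "unknown"  # release line not named on the page
    return "updated" if version >= fixed else "outdated"

def check_lock(lock_text):
    """Scan composer.lock JSON and classify every typo3fluid/fluid entry."""
    lock = json.loads(lock_text)
    findings = []
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section) or []:
            if pkg.get("name") == "typo3fluid/fluid":
                ver = pkg.get("version", "")
                findings.append((section, ver, classify(ver)))
    return findings

# Constructed sample lock file (not from a real project).
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "typo3/cms-core", "version": "v9.5.5"},
        {"name": "typo3fluid/fluid", "version": "2.6.0"},
    ],
    "packages-dev": [],
})

if __name__ == "__main__":
    for section, ver, status in check_lock(SAMPLE_LOCK):
        print(f"{section}: typo3fluid/fluid {ver} -> {status}")
```

An `unknown` result means the installed release line has to be checked against the upstream advisory rather than this page.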