CVE-2023-41100: hCaptcha for EXT:form Broken Access Control vulnerability

August 23, 2023

An issue was discovered in the hcaptcha (aka hCaptcha for EXT:form) extension before 2.1.2 for TYPO3. It fails to check that the required captcha field is submitted in the form data. allowing a remote user to bypass the CAPTCHA check.

References

github.com/FriendsOfPHP/security-advisories/blob/master/waldhacker/hcaptcha/CVE-2023-41100.yaml
github.com/advisories/GHSA-93wx-j2qv-49fg
nvd.nist.gov/vuln/detail/CVE-2023-41100
typo3.org/security/advisory/typo3-ext-sa-2023-007

Detect and mitigate CVE-2023-41100 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →