forked from FriendsOfPHP/security-advisories
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request FriendsOfPHP#542 from ohader/sec/typo3-march-2021
[TASK] Add security advisories for TYPO3's March 2021 releases
- Loading branch information
Showing
16 changed files
with
196 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,13 @@ | ||
| title: 'TYPO3-CORE-SA-2021-001: Open Redirection in Login Handling' | ||
| link: 'https://typo3.org/security/advisory/typo3-core-sa-2021-001/' | ||
| branches: | ||
| 10.x: | ||
| time: '2021-03-16 08:59:01' | ||
| versions: ['>=10.0.0', '<10.4.14'] | ||
| 11.x: | ||
| time: '2021-03-16 09:01:50' | ||
| versions: ['>=11.0.0', '<11.1.1'] | ||
| 9.x: | ||
| time: '2021-03-16 08:57:07' | ||
| versions: ['>=9.0.0', '<9.5.25'] | ||
| reference: 'composer://typo3/cms-core' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,13 @@ | ||
| title: 'TYPO3-CORE-SA-2021-002: Unrestricted File Upload in Form Framework' | ||
| link: 'https://typo3.org/security/advisory/typo3-core-sa-2021-002/' | ||
| branches: | ||
| 10.x: | ||
| time: '2021-03-16 08:59:23' | ||
| versions: ['>=10.0.0', '<10.4.14'] | ||
| 11.x: | ||
| time: '2021-03-16 09:02:09' | ||
| versions: ['>=11.0.0', '<11.1.1'] | ||
| 9.x: | ||
| time: '2021-03-16 08:57:27' | ||
| versions: ['>=9.0.0', '<9.5.25'] | ||
| reference: 'composer://typo3/cms-core' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,13 @@ | ||
| title: 'TYPO3-CORE-SA-2021-003: Broken Access Control in Form Framework' | ||
| link: 'https://typo3.org/security/advisory/typo3-core-sa-2021-003/' | ||
| branches: | ||
| 10.x: | ||
| time: '2021-03-16 08:59:40' | ||
| versions: ['>=10.0.0', '<10.4.14'] | ||
| 11.x: | ||
| time: '2021-03-16 09:02:31' | ||
| versions: ['>=11.0.0', '<11.1.1'] | ||
| 9.x: | ||
| time: '2021-03-16 08:57:43' | ||
| versions: ['>=9.0.0', '<9.5.25'] | ||
| reference: 'composer://typo3/cms-core' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,10 @@ | ||
| title: 'TYPO3-CORE-SA-2021-004: Cross-Site Scripting in Form Framework' | ||
| link: 'https://typo3.org/security/advisory/typo3-core-sa-2021-004/' | ||
| branches: | ||
| 10.x: | ||
| time: '2021-03-16 08:59:55' | ||
| versions: ['>=10.0.0', '<10.4.14'] | ||
| 11.x: | ||
| time: '2021-03-16 09:02:46' | ||
| versions: ['>=11.0.0', '<11.1.1'] | ||
| reference: 'composer://typo3/cms-core' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,13 @@ | ||
| title: 'TYPO3-CORE-SA-2021-005: Denial of Service in Page Error Handling' | ||
| link: 'https://typo3.org/security/advisory/typo3-core-sa-2021-005/' | ||
| branches: | ||
| 10.x: | ||
| time: '2021-03-16 09:00:29' | ||
| versions: ['>=10.0.0', '<10.4.14'] | ||
| 11.x: | ||
| time: '2021-03-16 09:03:06' | ||
| versions: ['>=11.0.0', '<11.1.1'] | ||
| 9.x: | ||
| time: '2021-03-16 08:58:04' | ||
| versions: ['>=9.0.0', '<9.5.25'] | ||
| reference: 'composer://typo3/cms-core' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,13 @@ | ||
| title: 'TYPO3-CORE-SA-2021-006: Cleartext storage of session identifier' | ||
| link: 'https://typo3.org/security/advisory/typo3-core-sa-2021-006/' | ||
| branches: | ||
| 10.x: | ||
| time: '2021-03-16 09:00:50' | ||
| versions: ['>=10.0.0', '<10.4.14'] | ||
| 11.x: | ||
| time: '2021-03-16 09:03:23' | ||
| versions: ['>=11.0.0', '<11.1.1'] | ||
| 9.x: | ||
| time: '2021-03-16 08:58:23' | ||
| versions: ['>=9.0.0', '<9.5.25'] | ||
| reference: 'composer://typo3/cms-core' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,10 @@ | ||
| title: 'TYPO3-CORE-SA-2021-007: Cross-Site Scripting in Content Preview' | ||
| link: 'https://typo3.org/security/advisory/typo3-core-sa-2021-007/' | ||
| branches: | ||
| 10.x: | ||
| time: '2021-03-16 09:01:14' | ||
| versions: ['>=10.0.0', '<10.4.14'] | ||
| 11.x: | ||
| time: '2021-03-16 09:03:36' | ||
| versions: ['>=11.0.0', '<11.1.1'] | ||
| reference: 'composer://typo3/cms-core' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,13 @@ | ||
| title: 'TYPO3-CORE-SA-2021-008: Cross-Site Scripting in Content Preview' | ||
| link: 'https://typo3.org/security/advisory/typo3-core-sa-2021-008/' | ||
| branches: | ||
| 10.x: | ||
| time: '2021-03-16 09:01:32' | ||
| versions: ['>=10.0.0', '<10.4.14'] | ||
| 11.x: | ||
| time: '2021-03-16 09:03:54' | ||
| versions: ['>=11.0.0', '<11.1.1'] | ||
| 9.x: | ||
| time: '2021-03-16 08:58:42' | ||
| versions: ['>=9.0.0', '<9.5.25'] | ||
| reference: 'composer://typo3/cms-core' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,13 @@ | ||
| title: 'TYPO3-CORE-SA-2021-001: Open Redirection in Login Handling' | ||
| link: 'https://typo3.org/security/advisory/typo3-core-sa-2021-001/' | ||
| branches: | ||
| 10.x: | ||
| time: '2021-03-16 08:59:01' | ||
| versions: ['>=10.0.0', '<10.4.14'] | ||
| 11.x: | ||
| time: '2021-03-16 09:01:50' | ||
| versions: ['>=11.0.0', '<11.1.1'] | ||
| 9.x: | ||
| time: '2021-03-16 08:57:07' | ||
| versions: ['>=9.0.0', '<9.5.25'] | ||
| reference: 'composer://typo3/cms' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,13 @@ | ||
| title: 'TYPO3-CORE-SA-2021-002: Unrestricted File Upload in Form Framework' | ||
| link: 'https://typo3.org/security/advisory/typo3-core-sa-2021-002/' | ||
| branches: | ||
| 10.x: | ||
| time: '2021-03-16 08:59:23' | ||
| versions: ['>=10.0.0', '<10.4.14'] | ||
| 11.x: | ||
| time: '2021-03-16 09:02:09' | ||
| versions: ['>=11.0.0', '<11.1.1'] | ||
| 9.x: | ||
| time: '2021-03-16 08:57:27' | ||
| versions: ['>=9.0.0', '<9.5.25'] | ||
| reference: 'composer://typo3/cms' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,13 @@ | ||
| title: 'TYPO3-CORE-SA-2021-003: Broken Access Control in Form Framework' | ||
| link: 'https://typo3.org/security/advisory/typo3-core-sa-2021-003/' | ||
| branches: | ||
| 10.x: | ||
| time: '2021-03-16 08:59:40' | ||
| versions: ['>=10.0.0', '<10.4.14'] | ||
| 11.x: | ||
| time: '2021-03-16 09:02:31' | ||
| versions: ['>=11.0.0', '<11.1.1'] | ||
| 9.x: | ||
| time: '2021-03-16 08:57:43' | ||
| versions: ['>=9.0.0', '<9.5.25'] | ||
| reference: 'composer://typo3/cms' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,10 @@ | ||
| title: 'TYPO3-CORE-SA-2021-004: Cross-Site Scripting in Form Framework' | ||
| link: 'https://typo3.org/security/advisory/typo3-core-sa-2021-004/' | ||
| branches: | ||
| 10.x: | ||
| time: '2021-03-16 08:59:55' | ||
| versions: ['>=10.0.0', '<10.4.14'] | ||
| 11.x: | ||
| time: '2021-03-16 09:02:46' | ||
| versions: ['>=11.0.0', '<11.1.1'] | ||
| reference: 'composer://typo3/cms' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,13 @@ | ||
| title: 'TYPO3-CORE-SA-2021-005: Denial of Service in Page Error Handling' | ||
| link: 'https://typo3.org/security/advisory/typo3-core-sa-2021-005/' | ||
| branches: | ||
| 10.x: | ||
| time: '2021-03-16 09:00:29' | ||
| versions: ['>=10.0.0', '<10.4.14'] | ||
| 11.x: | ||
| time: '2021-03-16 09:03:06' | ||
| versions: ['>=11.0.0', '<11.1.1'] | ||
| 9.x: | ||
| time: '2021-03-16 08:58:04' | ||
| versions: ['>=9.0.0', '<9.5.25'] | ||
| reference: 'composer://typo3/cms' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,13 @@ | ||
| title: 'TYPO3-CORE-SA-2021-006: Cleartext storage of session identifier' | ||
| link: 'https://typo3.org/security/advisory/typo3-core-sa-2021-006/' | ||
| branches: | ||
| 10.x: | ||
| time: '2021-03-16 09:00:50' | ||
| versions: ['>=10.0.0', '<10.4.14'] | ||
| 11.x: | ||
| time: '2021-03-16 09:03:23' | ||
| versions: ['>=11.0.0', '<11.1.1'] | ||
| 9.x: | ||
| time: '2021-03-16 08:58:23' | ||
| versions: ['>=9.0.0', '<9.5.25'] | ||
| reference: 'composer://typo3/cms' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,10 @@ | ||
| title: 'TYPO3-CORE-SA-2021-007: Cross-Site Scripting in Content Preview' | ||
| link: 'https://typo3.org/security/advisory/typo3-core-sa-2021-007/' | ||
| branches: | ||
| 10.x: | ||
| time: '2021-03-16 09:01:14' | ||
| versions: ['>=10.0.0', '<10.4.14'] | ||
| 11.x: | ||
| time: '2021-03-16 09:03:36' | ||
| versions: ['>=11.0.0', '<11.1.1'] | ||
| reference: 'composer://typo3/cms' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,13 @@ | ||
| title: 'TYPO3-CORE-SA-2021-008: Cross-Site Scripting in Content Preview' | ||
| link: 'https://typo3.org/security/advisory/typo3-core-sa-2021-008/' | ||
| branches: | ||
| 10.x: | ||
| time: '2021-03-16 09:01:32' | ||
| versions: ['>=10.0.0', '<10.4.14'] | ||
| 11.x: | ||
| time: '2021-03-16 09:03:54' | ||
| versions: ['>=11.0.0', '<11.1.1'] | ||
| 9.x: | ||
| time: '2021-03-16 08:58:42' | ||
| versions: ['>=9.0.0', '<9.5.25'] | ||
| reference: 'composer://typo3/cms' |