CVE-2021-21357

EPSS 1.12%
Veröffentlicht 23.03.2021 02:15:12
Zuletzt bearbeitet 21.11.2024 05:48:11
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 8.7.40, 9.5.25, 10.4.14, 11.1.1 due to improper input validation, attackers can by-pass restrictions of predefined options and submit arbitrary data in the Form Designer backend module of the Form Framework. In the default configuration of the Form Framework this allows attackers to explicitly allow arbitrary mime-types for file uploads - however, default _fileDenyPattern_ successfully blocked files like _.htaccess_ or _malicious.php_. Besides that, attackers can persist those files in any writable directory of the corresponding TYPO3 installation. A valid backend user account with access to the form module is needed to exploit this vulnerability. This is fixed in versions 8.7.40, 9.5.25, 10.4.14, 11.1.1.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 3 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Typo3 ≫ Typo3 Version >= 8.0.0 < 8.7.40

Typo3 ≫ Typo3 Version >= 9.0.0 < 9.5.25

Typo3 ≫ Typo3 Version >= 10.0.0 < 10.4.14

Typo3 ≫ Typo3 Version >= 11.0.0 < 11.1.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.12%	0.762

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.3	2.8	5.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H
nvd@nist.gov	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P
security-advisories@github.com	8.3	2.8	5.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

https://packagist.org/packages/typo3/cms-form

Third Party Advisory

Release Notes

https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-3vg7-jw9m-pc3f

Third Party Advisory

https://typo3.org/security/advisory/typo3-core-sa-2021-003

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-21357

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-21357

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-21357

EUVD