CVE-2024-55892: TYPO3 Potential Open Redirect via Parsing Differences

January 14, 2025 (updated January 15, 2025)

Problem

Applications that use TYPO3\CMS\Core\Http\Uri to parse externally provided URLs (e.g., via a query parameter) and validate the host of the parsed URL may be vulnerable to open redirect or SSRF attacks if the URL is used after passing the validation checks.

Solution

Update to TYPO3 versions 9.5.49 ELTS, 10.4.48 ELTS, 11.5.42 ELTS, 12.4.25 LTS, 13.4.3 LTS that fix the problem described.

Credits

Thanks to Sam Mush and Christian Eßl who reported this issue and to TYPO3 core & security team member Benjamin Franzke who fixed the issue.

References

TYPO3-CORE-SA-2025-002

References

github.com/TYPO3/typo3
github.com/TYPO3/typo3/commit/a4abf48d254685f43383e6e7f80d48aebaea56af
github.com/TYPO3/typo3/security/advisories/GHSA-2fx5-pggv-6jjr
github.com/advisories/GHSA-2fx5-pggv-6jjr
nvd.nist.gov/vuln/detail/CVE-2024-55892
typo3.org/security/advisory/typo3-core-sa-2025-002

Code Behaviors & Features

Detect and mitigate CVE-2024-55892 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →