GHSA-p2h4-7fp3-cmh8: TYPO3 Disclosure of Information about Installed Extensions
It has been discovered that mechanisms used for configuration of RequireJS package loading are susceptible to information disclosure. This way a potential attack can retrieve additional information about installed system and third party extensions.
References
- github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/2019-01-22-1.yaml
- github.com/TYPO3-CMS/core/commit/7960334bba1223a681283158f67a999334e88cf1
- github.com/TYPO3-CMS/core/commit/9453d8a8763fffa76deb6a16f6b99c0ab6f3d8f1
- github.com/advisories/GHSA-p2h4-7fp3-cmh8
- typo3.org/security/advisory/typo3-core-sa-2019-001
Code Behaviors & Features
Detect and mitigate GHSA-p2h4-7fp3-cmh8 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →