CVE-2011-4904: Improper Input Validation

April 22, 2022 (updated January 12, 2024)

TYPO3 before 4.4.9 and 4.5.x before 4.5.4 does not apply proper access control on ExtDirect calls which allows remote attackers to retrieve ExtDirect endpoint services.

References

github.com/advisories/GHSA-qf79-34j4-54m6
nvd.nist.gov/vuln/detail/CVE-2011-4904
security-tracker.debian.org/tracker/CVE-2011-4904
typo3.org/security/advisory/typo3-core-sa-2011-001/

Code Behaviors & Features

Detect and mitigate CVE-2011-4904 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →