CVE-2019-11832: Improper Input Validation

May 9, 2019 (updated May 13, 2019)

TYPO3 allows remote code execution because it does not properly configure the applications used for image processing, as demonstrated by ImageMagick or GraphicsMagick.

References

nvd.nist.gov/vuln/detail/CVE-2019-11832
typo3.org/security/advisory/typo3-core-sa-2019-012/

Code Behaviors & Features

Detect and mitigate CVE-2019-11832 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →