GHSA-4r76-xr68-w7m7: TYPO3 may allow editors to change, create, or delete metadata of files not within their file mounts
It has been discovered, that editors with access to file meta data table could change, create or delete metadata of files which are not within their file mounts.
References
- github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2015-07-01-1.yaml
- github.com/TYPO3/typo3
- github.com/TYPO3/typo3/commit/0decbf83c531cab77497429eb2edecf9a1038b25
- github.com/TYPO3/typo3/commit/bff9fa5945801d1d2c641ddc8eb86c6647549d80
- github.com/advisories/GHSA-4r76-xr68-w7m7
- typo3.org/security/advisory/typo3-core-sa-2015-002
- typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-002
Code Behaviors & Features
Detect and mitigate GHSA-4r76-xr68-w7m7 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →