GHSA-6487-3qvg-8px9: TYPO3 Information Disclosure in Install Tool
The Install Tool exposes the current TYPO3 version number to non-authenticated users.
References
- github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2018-12-11-5.yaml
- github.com/TYPO3/typo3
- github.com/TYPO3/typo3/commit/232d0a64282382229c205904173a16a581555fe3
- github.com/TYPO3/typo3/commit/b4dd20f31d483f6399e8bcbffcac3e16a2df0d92
- github.com/TYPO3/typo3/commit/fab0cbc970b709ed65fc4622a2cbd52a197480c4
- github.com/advisories/GHSA-6487-3qvg-8px9
- typo3.org/security/advisory/typo3-core-sa-2018-010
Code Behaviors & Features
Detect and mitigate GHSA-6487-3qvg-8px9 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →