GHSA-f624-8hfq-5fh3: TYPO3 Information Disclosure of Installed Extensions
It has been discovered that mechanisms used for configuration of RequireJS package loading are susceptible to information disclosure. This way a potential attack can retrieve additional information about installed system and third party extensions.
References
- github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2019-01-22-1.yaml
- github.com/TYPO3/typo3
- github.com/TYPO3/typo3/commit/889ed77d2905d8b17afd31c723a23240c978823f
- github.com/TYPO3/typo3/commit/c81cca9e419e7aaed551b9b9a8d012ba7bffb287
- github.com/advisories/GHSA-f624-8hfq-5fh3
- typo3.org/security/advisory/typo3-core-sa-2019-001
Code Behaviors & Features
Detect and mitigate GHSA-f624-8hfq-5fh3 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →