Path Traversal in TYPO3 Core
Moderate severity
GitHub Reviewed
Published
Feb 22, 2024
to the GitHub Advisory Database
•
Updated Feb 22, 2024
Package
Affected versions
>= 6.2.0, < 6.2.29
>= 7.6.0, < 7.6.13
>= 8.0.0, < 8.4.1
Patched versions
6.2.29
7.6.13
8.4.1
Description
Published to the GitHub Advisory Database
Feb 22, 2024
Reviewed
Feb 22, 2024
Last updated
Feb 22, 2024
Due to a too loose type check in an API method, attackers could bypass the directory traversal check by providing an invalid UTF-8 encoding sequence.
References