Skip to content

Cross-Site Scripting in third party library mso/idna-convert

Moderate severity GitHub Reviewed Published Jun 5, 2024 to the GitHub Advisory Database

Package

composer typo3/cms (Composer)

Affected versions

>= 7.6.0, < 7.6.10
>= 8.0.0, < 8.2.1

Patched versions

7.6.10
8.2.1

Description

Make sure to not expose the vendor directory to the publicly accessible document root. In composer managed installation, make sure to configure a dedicated web folder. In general it is recommended to not expose the complete typo3_src sources folder in the document root.

References

Published to the GitHub Advisory Database Jun 5, 2024
Reviewed Jun 5, 2024

Severity

Moderate

Weaknesses

CVE ID

No known CVE

GHSA ID

GHSA-qmwf-j7g7-f5jw

Source code

No known source code
Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.