Component Type: Core
Affected Components: config.baseURL
Versions: TYPO3 3.8.0 and earlier
Vulnerability Type: TYPO3 cache spoofing
Under special circumstances, setting config.baseURL (see typo3.org/documentation/document-library/doc_core_tsref/quot_CONFIG_quot/) to a numeric value ("1") could be used to spoof a malicious baseURL into your TYPO3 cache. It has now been decided to technically prevent this misconfiguration.
The solution is part of the general maintenance upgrade to TYPO3 version 3.8.1, which all users of TYPO3 are advised to implement. In this version, the usage of "config.baseURL=1" is disabled. The usage of textual values remains the recommended option.
If you have been using "config.baseURL=1" in your setup, please make sure to change this before upgrading to TYPO3 3.8.1!
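One way to check a setup for this before upgrading, as an added example (not part of the original advisory and not TYPO3 code): a small scanner that walks TypoScript setup text and reports every numeric config.baseURL, in both the dotted and the nested brace form. It assumes the template setup has been exported to plain text; the function name and the sample setup are constructed for illustration, and multi-line "( ... )" values are not handled.

```python
import re

# Constructed sample TypoScript setup (not from a real site).
SAMPLE_SETUP = """\
# site template
config.baseURL = 1
page {
  config {
    baseURL = 1
  }
}
/*
config.baseURL = 1
*/
config.baseURL = http://www.example.org/
"""

ASSIGN = re.compile(r"^([\w.\-]+)\s*=\s*(.*)$")   # path = value
OPEN = re.compile(r"^([\w.\-]+)\s*\{$")            # path {
TARGET = re.compile(r"(^|\.)config\.baseURL$")


def find_numeric_baseurl(setup):
    """Return (line_no, full_path, value) for each numeric config.baseURL."""
    findings, stack, in_comment = [], [], False
    for no, raw in enumerate(setup.splitlines(), 1):
        line = raw.strip()
        if in_comment:                       # inside /* ... */
            in_comment = not line.startswith("*/")
        elif line.startswith("/*"):
            in_comment = True
        elif not line or line.startswith(("#", "//")):
            continue                         # blank line or comment
        elif line == "}":
            if stack:
                stack.pop()
        elif (m := OPEN.match(line)):
            stack.append(m.group(1))         # enter nested block
        elif (m := ASSIGN.match(line)):
            path = ".".join(stack + [m.group(1)])
            value = m.group(2).strip()
            if TARGET.search(path) and value.isdigit():
                findings.append((no, path, value))
    return findings


if __name__ == "__main__":
    for no, path, value in find_numeric_baseurl(SAMPLE_SETUP):
        print(f"line {no}: {path} = {value} (replace with a textual base URL)")
```

Each reported line should be changed to a textual value, as the advisory recommends, before the upgrade is applied.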
Thanks to Mikael Conley and others for notifying us.