Public Service Announcements for TYPO3

Mon. 6th February, 2023

TYPO3-PSA-2023-001: Important Security-Bulletin Pre-Announcement

Categories: Development, TYPO3 CMS

Advisory type: Public Service Announcements

Created by Oliver Hader

The TYPO3 Security Team pre-announces an important security release.

Tue. 22nd February, 2022

TYPO3-PSA-2022-001: Sanitization bypass in SVG Sanitizer

Categories: Development, Security, TYPO3 CMS

Advisory type: Public Service Announcements

Created by Oliver Hader

Third-party package enshrined/svg-sanitize, used by TYPO3 core packages, was susceptible to bypassing the sanitization strategy.

Thu. 16th December, 2021

TYPO3-PSA-2021-004: Statement on Recent log4j/log4shell Vulnerabilities (CVE-2021-44228)

Categories: Development, Security, TYPO3 CMS

Advisory type: Public Service Announcements

Created by Torben Hansen

Components of TYPO3 CMS are based on PHP and are therefore not directly affected by the recent log4j vulnerabilities. However, additional services…

Thu. 16th December, 2021

TYPO3-PSA-2021-003: Mitigation of Cache Poisoning Caused by Untrusted URL Query Parameters

Categories: Development, Security, TYPO3 CMS

Advisory type: Public Service Announcements

Created by Oliver Hader and Torben Hansen

It has been discovered that TYPO3 CMS is susceptible to cache poisoning.

Tue. 20th July, 2021

TYPO3-PSA-2021-002: CSV Code Injection

Categories: Development, TYPO3 CMS

Advisory type: Public Service Announcements

Created by Torben Hansen

It has been discovered that the TYPO3 extensions offering a CSV export might create CSV files that can contain formulas executed in external…

Tue. 20th July, 2021

TYPO3-PSA-2021-001: Sensitive links in search results of TYPO3 extension indexed_search

Categories: Development, TYPO3 CMS

Advisory type: Public Service Announcements

Created by Torben Hansen

It has been discovered that the TYPO3 extension “Indexed Search” may index sensitive links under certain conditions.

Tue. 17th November, 2020

TYPO3-PSA-2020-003: Mitigation of Cross-Site Scripting Vulnerabilities in File Upload Handling

Categories: Development, TYPO3 CMS

Advisory type: Public Service Announcements

Created by Oliver Hader

Repeating and refining public service announcement TYPO3-PSA-2019-010.

Tue. 17th November, 2020

TYPO3-PSA-2020-002: Protecting Install Tool with Sudo Mode

Categories: Development, TYPO3 CMS

Advisory type: Public Service Announcements

Created by Oliver Hader

Accessing Install Tool via TYPO3 Backend requires password verification - known as Sudo Mode.

Tue. 28th July, 2020

TYPO3-PSA-2020-001: Critical vulnerability in legacy versions of TYPO3 CMS

Categories: Development

Advisory type: Public Service Announcements

It has been discovered that TYPO3 CMS is susceptible to sensitive information disclosure in previous TYPO3 versions which are not maintained by the…

Tue. 17th December, 2019

TYPO3-PSA-2019-011: Possible Insecure Deserialization in Extbase Request Handling

Categories: Development

Advisory type: Public Service Announcements

Created by Oliver Hader

It has been discovered that TYPO3 CMS can be vulnerable to insecure deserialization.

Security Bulletins: