Release Date: January 16, 2015
Component Type: Third party extension. This extension is not a part of the TYPO3 default installation.
Affected Versions: 2.0.1
Vulnerability Type: Information Disclosure
Suggested CVSS v2.0: AV:N/AC:M/Au:N/C:P/I:N/A:N/E:F/RL:OF/RC:C
Problem Description: The extension discloses personal data of newsletter subscribers. Such data might be cached and indexed by search engines.
Solution: Updated version 2.0.2 is available from the TYPO3 extension manager and at http://typo3.org/extensions/repository/download/direct_mail_subscription/2.0.2/t3x/. If you are using a custom template, please consider the removal of name and email markers throughout the template!
Credits: Credits go to Ingo Müller and Stefan Neufeind who discovered the vulnerability.