- Release Date: October 15, 2019
- Component Type: Third party extension. This extension is not a part of the TYPO3 default installation.
- Vulnerability Type: SQL Injection
- Affected Versions: 1.2.1 and below
- Severity: Medium
- Suggested CVSS v3.0: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:F/RL:O/RC:X
- CVE: CVE-2019-16682
The extension fails to properly sanitize user input and is susceptible to SQL Injection.
An updated version 1.2.2 is available from the TYPO3 extension manager and at https://extensions.typo3.org/extension/download/url_redirect/1.2.2/zip/
Users of the extension are advised to update the extension as soon as possible.
Credits go to Daniel Goerz who reported the vulnerability.