CVE-2020-11067: Deserialization of Untrusted Data in TYPO3 CMS
First published: Tue May 12 2020(Updated: )
In TYPO3 CMS 9.0.0 through 9.5.16 and 10.0.0 through 10.4.1, it has been discovered that backend user settings (in $BE_USER->uc) are vulnerable to insecure deserialization. In combination with vulnerabilities of third party components, this can lead to remote code execution. A valid backend user account is needed to exploit this vulnerability. This has been fixed in 9.5.17 and 10.4.2.
Credit: security-advisories@github.com security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| composer/typo3/cms | >=10.0.0<10.4.2>=9.0.0<9.5.17 | |
| composer/typo3/cms-core | >=10.0.0<10.4.2>=9.0.0<9.5.17 | |
| Typo3 Typo3 | >=9.0.0<=9.5.16 | |
| Typo3 Typo3 | >=10.0.0<=10.4.1 | |
| composer/typo3/cms | >=9.0.0<9.5.17 | 9.5.17 |
| composer/typo3/cms | >=10.0.0<10.4.2 | 10.4.2 |
| composer/typo3/cms-core | >=10.0.0<10.4.2 | 10.4.2 |
| composer/typo3/cms-core | >=9.0.0<9.5.17 | 9.5.17 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://typo3.org/security/advisory/typo3-core-sa-2020-005
- https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-2wj9-434x-9hvp
- https://nvd.nist.gov/vuln/detail/CVE-2020-11067
- https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2020-11067.yaml
- https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2020-11067.yaml
- https://github.com/advisories/GHSA-2wj9-434x-9hvp (Advisory)
Frequently Asked Questions
What is the vulnerability ID for this TYPO3 security advisory?
The vulnerability ID for this TYPO3 security advisory is CVE-2020-11067.
What is the title of this TYPO3 security advisory?
The title of this TYPO3 security advisory is TYPO3-CORE-SA-2020-005: Insecure Deserialization in Backend User Settings.
What is the affected software for this TYPO3 security advisory?
The affected software for this TYPO3 security advisory is TYPO3 CMS versions 9.0.0 to 9.5.17 and 10.0.0 to 10.4.2.
What is the reference for this TYPO3 security advisory?
The reference for this TYPO3 security advisory can be found at https://typo3.org/security/advisory/typo3-core-sa-2020-005.
How can I fix the vulnerability in TYPO3 CMS?
To fix the vulnerability in TYPO3 CMS, you should update to a version that is not affected by the security advisory.
- collector/friends-of-php
- collector/nvd-index
- agent/type
- agent/first-publish-date
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-2wj9-434x-9hvp
- alias/CVE-2020-11067
- agent/software-canonical-lookup
- agent/author
- agent/severity
- agent/weakness
- agent/references
- agent/description
- collector/nvd-cve
- source/NVD
- agent/softwarecombine
- collector/github-advisory
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/last-modified-date
- agent/event
- agent/tags
- agent/trending
- package-manager/composer
- vendor/typo3
- canonical/typo3 typo3
- version/typo3 typo3/9.0.0
- version/typo3 typo3/9.5.16
- version/typo3 typo3/10.0.0
- version/typo3 typo3/10.4.1