GHSA-rxq8-q85f-m866: Prevent XSS from Confidant API call

GHSA-58vj-cv5w-v4v6: Navidrome has Multiple SQL Injections and ORM Leak

GHSA-73rg-f94j-xvhx: Plate allows arbitrary DOM attributes in element.attributes and leaf.attributes

GHSA-9hf4-67fc-4vf4: Puma's header normalization allows for client to clobber proxy set headers

GHSA-vvf8-2h68-9475: Keycloak Open Redirect vulnerability

Extbase request handling fails to implement a proper access check for requested controller/ action combinations, which makes it possible for an attacker to execute arbitrary Extbase actions by crafting a special request. To successfully exploit this vulnerability, an attacker must have access to at least one Extbase plugin or module action in a TYPO3 installation. The missing access check inevitably leads to information disclosure or remote code execution, depending on the action that an attacker is able to execute.

**Missing Access Check in TYPO3 CMS**

Critical severity GitHub Reviewed Published Jun 5, 2024 to the GitHub Advisory Database • Updated Jun 5, 2024

Headline

GHSA-gwfx-p7mr-f92v: Missing Access Check in TYPO3 CMS

ghsa: Latest News