Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:composer/typo3/cms-core@6.2.56
purl pkg:composer/typo3/cms-core@6.2.56
Tags Ghost
Next non-vulnerable version 12.4.41
Latest non-vulnerable version 14.0.2
Risk 3.1
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-5jgb-dsyx-hyb4
Aliases:
CVE-2021-21338
GHSA-4jhw-2p6j-5wmp
Open Redirection in Login Handling ### Problem It has been discovered that Login Handling is susceptible to open redirection which allows attackers redirecting to arbitrary content, and conducting phishing attacks. No authentication is required in order to exploit this vulnerability. ### Solution Update to TYPO3 versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 that fix the problem described. ### Credits Thanks to Alexander Kellner who reported this issue and to TYPO3 security team member Torben Hansen who fixed the issue. ### References * [TYPO3-CORE-SA-2021-001](https://typo3.org/security/advisory/typo3-core-sa-2021-001)
6.2.57
Affected by 0 other vulnerabilities.
7.6.51
Affected by 1 other vulnerability.
8.7.40
Affected by 3 other vulnerabilities.
9.5.25
Affected by 32 other vulnerabilities.
10.4.14
Affected by 38 other vulnerabilities.
11.1.1
Affected by 39 other vulnerabilities.
VCID-dsu7-jjjq-f3e1
Aliases:
CVE-2021-21339
GHSA-qx3w-4864-94ch
Cleartext storage of session identifier ### Problem User session identifiers were stored in cleartext - without processing of additional cryptographic hashing algorithms. This vulnerability cannot be exploited directly and occurs in combination with a chained attack - like for instance SQL injection in any other component of the system. ### Solution Update to TYPO3 versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 that fix the problem described. ### Credits Thanks to TYPO3 security team member Oliver Hader who reported this issue and to TYPO3 core & security team members Benni Mack & Oliver Hader who fixed the issue. ### References * [TYPO3-CORE-SA-2021-006](https://typo3.org/security/advisory/typo3-core-sa-2021-006)
6.2.57
Affected by 0 other vulnerabilities.
7.6.51
Affected by 1 other vulnerability.
8.7.40
Affected by 3 other vulnerabilities.
9.5.25
Affected by 32 other vulnerabilities.
10.4.14
Affected by 38 other vulnerabilities.
11.1.1
Affected by 39 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-02T16:56:17.219029+00:00 GHSA Importer Affected by VCID-dsu7-jjjq-f3e1 https://github.com/advisories/GHSA-qx3w-4864-94ch 38.1.0
2026-04-02T16:56:16.776478+00:00 GHSA Importer Affected by VCID-5jgb-dsyx-hyb4 https://github.com/advisories/GHSA-4jhw-2p6j-5wmp 38.1.0