Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:composer/typo3/cms-core@9.5.48
purl pkg:composer/typo3/cms-core@9.5.48
Tags Ghost
Next non-vulnerable version 12.4.41
Latest non-vulnerable version 14.0.2
Risk 3.1
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-xy6y-312d-rygj
Aliases:
CVE-2024-55892
GHSA-2fx5-pggv-6jjr
TYPO3 Potential Open Redirect via Parsing Differences ### Problem Applications that use `TYPO3\CMS\Core\Http\Uri` to parse externally provided URLs (e.g., via a query parameter) and validate the host of the parsed URL may be vulnerable to open redirect or SSRF attacks if the URL is used after passing the validation checks. ### Solution Update to TYPO3 versions 9.5.49 ELTS, 10.4.48 ELTS, 11.5.42 ELTS, 12.4.25 LTS, 13.4.3 LTS that fix the problem described. ### Credits Thanks to Sam Mush and Christian Eßl who reported this issue and to TYPO3 core & security team member Benjamin Franzke who fixed the issue. ### References * [TYPO3-CORE-SA-2025-002](https://typo3.org/security/advisory/typo3-core-sa-2025-002)
9.5.49
Affected by 0 other vulnerabilities.
10.4.48
Affected by 0 other vulnerabilities.
11.5.42
Affected by 0 other vulnerabilities.
12.4.25
Affected by 6 other vulnerabilities.
13.4.3
Affected by 6 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-07T04:56:45.737722+00:00 GHSA Importer Affected by VCID-xy6y-312d-rygj https://github.com/advisories/GHSA-2fx5-pggv-6jjr 38.1.0
2026-04-02T12:39:11.966637+00:00 GitLab Importer Fixing VCID-8d2m-1ffv-jqe1 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2024-34356.yml 38.0.0
2026-04-02T12:39:10.823658+00:00 GitLab Importer Fixing VCID-zwgt-rm1f-6bf2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2024-34357.yml 38.0.0
2026-04-02T12:39:09.423330+00:00 GitLab Importer Fixing VCID-mud2-s4rc-fuf6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2024-34358.yml 38.0.0
2026-04-01T16:05:16.914658+00:00 GHSA Importer Fixing VCID-mud2-s4rc-fuf6 https://github.com/advisories/GHSA-36g8-62qv-5957 38.0.0
2026-04-01T16:05:16.731125+00:00 GHSA Importer Fixing VCID-zwgt-rm1f-6bf2 https://github.com/advisories/GHSA-hw6c-6gwq-3m3m 38.0.0
2026-04-01T16:05:16.512772+00:00 GHSA Importer Fixing VCID-8d2m-1ffv-jqe1 https://github.com/advisories/GHSA-v6mw-h7w6-59w3 38.0.0
2026-04-01T12:52:07.463878+00:00 GithubOSV Importer Fixing VCID-zwgt-rm1f-6bf2 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-hw6c-6gwq-3m3m/GHSA-hw6c-6gwq-3m3m.json 38.0.0
2026-04-01T12:51:58.499334+00:00 GithubOSV Importer Fixing VCID-8d2m-1ffv-jqe1 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-v6mw-h7w6-59w3/GHSA-v6mw-h7w6-59w3.json 38.0.0
2026-04-01T12:51:52.834310+00:00 GithubOSV Importer Fixing VCID-mud2-s4rc-fuf6 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-36g8-62qv-5957/GHSA-36g8-62qv-5957.json 38.0.0