Search for packages
| purl | pkg:composer/typo3/cms-core@7.6.50 |
| Tags | Ghost |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-d42j-347n-e7en
Aliases: CVE-2021-21338 GHSA-4jhw-2p6j-5wmp |
Open Redirection in Login Handling ### Problem It has been discovered that Login Handling is susceptible to open redirection which allows attackers redirecting to arbitrary content, and conducting phishing attacks. No authentication is required in order to exploit this vulnerability. ### Solution Update to TYPO3 versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 that fix the problem described. ### Credits Thanks to Alexander Kellner who reported this issue and to TYPO3 security team member Torben Hansen who fixed the issue. ### References * [TYPO3-CORE-SA-2021-001](https://typo3.org/security/advisory/typo3-core-sa-2021-001) |
Affected by 1 other vulnerability. Affected by 3 other vulnerabilities. Affected by 28 other vulnerabilities. Affected by 32 other vulnerabilities. Affected by 33 other vulnerabilities. |
|
VCID-v83x-2hx7-yycg
Aliases: CVE-2021-21339 GHSA-qx3w-4864-94ch |
Cleartext storage of session identifier ### Problem User session identifiers were stored in cleartext - without processing of additional cryptographic hashing algorithms. This vulnerability cannot be exploited directly and occurs in combination with a chained attack - like for instance SQL injection in any other component of the system. ### Solution Update to TYPO3 versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 that fix the problem described. ### Credits Thanks to TYPO3 security team member Oliver Hader who reported this issue and to TYPO3 core & security team members Benni Mack & Oliver Hader who fixed the issue. ### References * [TYPO3-CORE-SA-2021-006](https://typo3.org/security/advisory/typo3-core-sa-2021-006) |
Affected by 1 other vulnerability. Affected by 3 other vulnerabilities. Affected by 28 other vulnerabilities. Affected by 32 other vulnerabilities. Affected by 33 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-07-03T16:51:17.704141+00:00 | GHSA Importer | Affected by | VCID-v83x-2hx7-yycg | https://github.com/advisories/GHSA-qx3w-4864-94ch | 37.0.0 |
| 2025-07-03T16:51:17.645174+00:00 | GHSA Importer | Affected by | VCID-d42j-347n-e7en | https://github.com/advisories/GHSA-4jhw-2p6j-5wmp | 37.0.0 |