VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-pn6v-bye1-33fu

Essentials
Severities (18)
References (9)
Severity details (17)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-pn6v-bye1-33fu
Aliases	CVE-2022-23500 GHSA-8c28-5mp7-v24h
Summary	TYPO3 CMS vulnerable to Denial of Service in Page Error Handling ### Problem Requesting invalid or non-existing resources via HTTP triggers the page error handler, which again could retrieve content to be shown as an error message from another page. This leads to a scenario in which the application is calling itself recursively - amplifying the impact of the initial attack until the limits of the web server are exceeded. This vulnerability is very similar, but not identical, to the one described in [TYPO3-CORE-SA-2021-005](https://typo3.org/security/advisory/typo3-core-sa-2021-005) (CVE-2021-21359). ### Solution Update to TYPO3 versions 9.5.38 ELTS, 10.4.33 or 11.5.20 that fix the problem described above. ### References * [TYPO3-CORE-SA-2022-012](https://typo3.org/security/advisory/typo3-core-sa-2022-012)
Status	Published
Exploitability	0.5
Weighted Severity	6.2
Risk	3.1
Affected and Fixed Packages	Package Details

Weaknesses (4)

CWE-405	Asymmetric Resource Consumption (Amplification)
CWE-674	Uncontrolled Recursion
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
epss	0.00069	https://api.first.org/data/v1/epss?cve=CVE-2022-23500
cvssv3.1_qr	MODERATE	https://github.com/advisories/GHSA-8c28-5mp7-v24h
cvssv3.1	5.9	https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-23500.yaml
generic_textual	MODERATE	https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-23500.yaml
cvssv3.1	5.9	https://github.com/TYPO3/typo3
generic_textual	MODERATE	https://github.com/TYPO3/typo3
cvssv3.1	5.9	https://github.com/TYPO3/typo3/commit/1e5f44417f031c9c5a9f9d09a6a841cf89aa7b7a
generic_textual	MODERATE	https://github.com/TYPO3/typo3/commit/1e5f44417f031c9c5a9f9d09a6a841cf89aa7b7a
cvssv3.1	5.9	https://github.com/TYPO3/typo3/commit/73b46b6a627093112cfca4b895a198ca5e1970b7
generic_textual	MODERATE	https://github.com/TYPO3/typo3/commit/73b46b6a627093112cfca4b895a198ca5e1970b7
cvssv3.1	5.9	https://github.com/TYPO3/typo3/security/advisories/GHSA-8c28-5mp7-v24h
cvssv3.1_qr	MODERATE	https://github.com/TYPO3/typo3/security/advisories/GHSA-8c28-5mp7-v24h
generic_textual	MODERATE	https://github.com/TYPO3/typo3/security/advisories/GHSA-8c28-5mp7-v24h
ssvc	Track	https://github.com/TYPO3/typo3/security/advisories/GHSA-8c28-5mp7-v24h
cvssv3.1	5.9	https://nvd.nist.gov/vuln/detail/CVE-2022-23500
generic_textual	MODERATE	https://nvd.nist.gov/vuln/detail/CVE-2022-23500
cvssv3.1	5.9	https://typo3.org/security/advisory/typo3-core-sa-2022-012
generic_textual	MODERATE	https://typo3.org/security/advisory/typo3-core-sa-2022-012

Reference id	Reference type	URL
		https://api.first.org/data/v1/epss?cve=CVE-2022-23500
		https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-23500.yaml
		https://github.com/TYPO3/typo3
		https://github.com/TYPO3/typo3/commit/1e5f44417f031c9c5a9f9d09a6a841cf89aa7b7a
		https://github.com/TYPO3/typo3/commit/73b46b6a627093112cfca4b895a198ca5e1970b7
		https://github.com/TYPO3/typo3/security/advisories/GHSA-8c28-5mp7-v24h
		https://nvd.nist.gov/vuln/detail/CVE-2022-23500
		https://typo3.org/security/advisory/typo3-core-sa-2022-012
GHSA-8c28-5mp7-v24h		https://github.com/advisories/GHSA-8c28-5mp7-v24h

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-23500.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/TYPO3/typo3

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/TYPO3/typo3/commit/1e5f44417f031c9c5a9f9d09a6a841cf89aa7b7a

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/TYPO3/typo3/commit/73b46b6a627093112cfca4b895a198ca5e1970b7

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/TYPO3/typo3/security/advisories/GHSA-8c28-5mp7-v24h

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T14:53:56Z/ Found at https://github.com/TYPO3/typo3/security/advisories/GHSA-8c28-5mp7-v24h

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-23500

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://typo3.org/security/advisory/typo3-core-sa-2022-012

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.21589
EPSS Score	0.00069
Published At	June 30, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-01T12:23:55.332569+00:00	GithubOSV Importer	Import	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/12/GHSA-8c28-5mp7-v24h/GHSA-8c28-5mp7-v24h.json	36.1.3