Uncontrolled Recursion in TYPO3 - CVE-2022-36104
Published: September 13, 2022 / Updated: May 5, 2026
TYPO3
Detailed vulnerability description
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to uncontrolled recursion in the page error handler when handling requests for invalid or non-existing resources via HTTP. A remote attacker can send crafted requests for invalid or non-existing resources to cause a denial of service.
The issue can cause the application to call itself recursively, amplifying the impact until web server limits are exceeded.