#VU89504 Resource exhaustion in TYPO3 - CVE-2024-34358
Published: May 15, 2024
Vulnerability identifier: #VU89504
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2024-34358
CWE-ID: CWE-400
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
TYPO3
TYPO3
Software vendor:
TYPO3
TYPO3
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources in ShowImageController. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
Remediation
Install updates from vendor's website.
External links
- https://github.com/TYPO3/typo3/security/advisories/GHSA-36g8-62qv-5957
- https://github.com/TYPO3/typo3/commit/05c95fed869a1a6dcca06c7077b83b6ea866ff14
- https://github.com/TYPO3/typo3/commit/1e70ebf736935413b0531004839362b4fb0755a5
- https://github.com/TYPO3/typo3/commit/df7909b6a1cf0f12a42994d0cc3376b607746142
- https://typo3.org/security/advisory/typo3-core-sa-2024-010