{ "schema_version": "1.4.0", "id": "GHSA-gqqf-g5r7-84vf", "modified": "2022-09-15T03:26:51Z", "published": "2022-09-15T03:26:51Z", "aliases": [], "summary": "TYPO3 HTML Sanitizer Bypasses Cross-Site Scripting Protection", "details": "> ### Meta\n> * CVSS: `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C` (5.7)\n\n### Problem\nDue to a parsing issue in the upstream package [`masterminds/html5`](https://packagist.org/packages/masterminds/html5), malicious markup used in a sequence with special HTML comments cannot be filtered and sanitized. This allows bypassing the cross-site scripting protection mechanism of [`typo3/html-sanitizer`](https://github.com/TYPO3/html-sanitizer).\n\n### Solution\nUpdate to TYPO3 versions 7.6.58 ELTS, 8.7.48 ELTS, 9.5.37 ELTS, 10.4.32 or 11.5.16, which fix the problem described above.\n\n### Credits\nThanks to David Klein who reported this issue, and to TYPO3 security team member Oliver Hader who fixed the issue.\n\n### References\n* [TYPO3-CORE-SA-2022-011](https://typo3.org/security/advisory/typo3-core-sa-2022-011)\n* [GHSA-47m6-46mj-p235](https://github.com/TYPO3/html-sanitizer/security/advisories/GHSA-47m6-46mj-p235)\n", "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "affected": [ { "package": { "ecosystem": "Packagist", "name": "typo3/cms-core" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "7.0.0" }, { "fixed": "7.6.58" } ] } ], "database_specific": { "last_known_affected_version_range": "<= 7.6.57" } }, { "package": { "ecosystem": "Packagist", "name": "typo3/cms-core" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "8.0.0" }, { "fixed": "8.7.48" } ] } ], "database_specific": { "last_known_affected_version_range": "<= 8.7.47" } }, { "package": { "ecosystem": "Packagist", "name": "typo3/cms-core" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "9.0.0" }, { "fixed": "9.5.37" } ] } ], "database_specific": { 
"last_known_affected_version_range": "<= 9.5.36" } }, { "package": { "ecosystem": "Packagist", "name": "typo3/cms-core" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "10.0.0" }, { "fixed": "10.4.32" } ] } ], "database_specific": { "last_known_affected_version_range": "<= 10.4.31" } }, { "package": { "ecosystem": "Packagist", "name": "typo3/cms-core" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "11.0.0" }, { "fixed": "11.5.16" } ] } ], "database_specific": { "last_known_affected_version_range": "<= 11.5.15" } } ], "references": [ { "type": "WEB", "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-gqqf-g5r7-84vf" }, { "type": "WEB", "url": "https://github.com/TYPO3/typo3/commit/d4f260570abd934fcf3819370a135bef33d729b7" }, { "type": "PACKAGE", "url": "https://github.com/TYPO3/typo3" } ], "database_specific": { "cwe_ids": [], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2022-09-15T03:26:51Z", "nvd_published_at": null } }