TYPO3 before 4.4.9 and 4.5.x before 4.5.4 does not apply proper access control on ExtDirect calls which allows remote attackers to retrieve ExtDirect endpoint services.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| typo3/cms(Packagist) | 0 | 4.4.9 | N/A |
| typo3/cms(Packagist) | 4.5.0 | 4.5.4 | N/A |
CVSS Metrics
