← All advisories

Moderate severityNVD Advisory· Published Nov 5, 2019· Updated Aug 7, 2024

CVE-2010-3670

CVE-2010-3670

Description

TYPO3 before 4.3.4 and 4.4.x before 4.4.1 contains insecure randomness during generation of a hash with the "forgot password" function.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
typo3/cms-frontendPackagist	< 4.3.4	4.3.4
typo3/cms-frontendPackagist	>= 4.4.0, < 4.4.1	4.4.1

Affected products

2

TYPO3/TYPO3description
ghsa-coords
pkg:composer/typo3/cms-frontend
Range: < 4.3.4

Patches

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

7

github.com/advisories/GHSA-3276-p9f2-8q89ghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2010-3670ghsaADVISORY
bugs.debian.org/cgi-bin/bugreport.cgighsax_refsource_MISCWEB
github.com/TYPO3/typo3/commit/09ab77653161f23e266470a5984d4d5e64588355ghsaWEB
github.com/TYPO3/typo3/commit/c03e944d200bf427bb18cad15f2ad36bc83061c9ghsaWEB
security-tracker.debian.org/tracker/CVE-2010-3670ghsax_refsource_MISCWEB
typo3.org/security/advisory/typo3-sa-2010-012/ghsax_refsource_CONFIRMWEB

News mentions

0

No linked articles in our index yet.