VYPR
Moderate severityNVD Advisory· Published Mar 23, 2021· Updated Aug 3, 2024

Denial of Service in Page Error Handling

CVE-2021-21359

Description

TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 9.5.25, 10.4.14, 11.1.1 requesting invalid or non-existing resources via HTTP triggers the page error handler which again could retrieve content to be shown as error message from another page. This leads to a scenario in which the application is calling itself recursively - amplifying the impact of the initial attack until the limits of the web server are exceeded. This is fixed in versions 9.5.25, 10.4.14, 11.1.1.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
typo3/cms-corePackagist
>= 10.0.0, < 10.4.1410.4.14
typo3/cms-corePackagist
>= 11.0.0, < 11.1.111.1.1
typo3/cms-corePackagist
>= 9.0.0, < 9.5.259.5.25
typo3/cmsPackagist
>= 10.0.0, < 10.4.1410.4.14
typo3/cmsPackagist
>= 11.0.0, < 11.1.111.1.1
typo3/cmsPackagist
>= 9.0.0, < 9.5.259.5.25

Affected products

4

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.