VYPR

Packagist (Composer) package

cpsit/typo3-mailqueue

pkg:composer/cpsit/typo3-mailqueue

Vulnerabilities (2)

  • CVE-2026-1323HigMar 17, 2026
    affected < 0.4.5fixed 0.4.5

    The extension fails to properly define allowed classes used when deserializing transport failure metadata. An attacker may exploit this to execute untrusted serialized code. Note that an active exploit requires write access to the directory configured at $GLOBALS['TYPO3_CONF_VARS

  • CVE-2026-0895MedJan 20, 2026
    affected < 0.4.3fixed 0.4.3

    The extension extends TYPO3’ FileSpool component, which was vulnerable to Insecure Deserialization prior to TYPO3-CORE-SA-2026-004 https://typo3.org/security/advisory/typo3-core-sa-2026-004 . Since the related fix is overwritten by the extension, using the extension with a patch