GHSA-744g-7qm9-hjh9: The TYPO3 CMS Backend has Broken Authentication in Backend MFA

GHSA-6frx-j292-c844: TYPO3 Allows Privilege Escalation to System Maintainer

GHSA-9hq9-cr36-4wpj: TYPO3 Allows Unrestricted File Upload in File Abstraction Layer

GHSA-3jrg-97f3-rqh9: TYPO3 Unverified Password Change for Backend Users

GHSA-x8pv-fgxp-8v3x: TYPO3 Allows Information Disclosure via DBAL Restriction Handling

An SSRF (Server-Side Request Forgery) vulnerability exists in the gradio-app/gradio repository, allowing attackers to scan and identify open ports within an internal network. By manipulating the 'file' parameter in a GET request, an attacker can discern the status of internal ports based on the presence of a 'Location' header or a 'File not allowed' error in the response.

**gradio Server-Side Request Forgery vulnerability**

Moderate severity GitHub Reviewed Published Apr 16, 2024 to the GitHub Advisory Database • Updated Apr 16, 2024

Headline

GHSA-qh6x-j82h-vpf9: gradio Server-Side Request Forgery vulnerability

ghsa: Latest News