| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| typo3/cms-core | composer | >= 9.0.0, < 9.5.38 | 9.5.38 |
| typo3/cms-core | composer | >= 10.0.0, < 10.4.33 | 10.4.33 |
| typo3/cms-core | composer | >= 11.0.0, < 11.5.20 | 11.5.20 |
| typo3/cms | composer | >= 10.0.0, < 10.4.33 | 10.4.33 |
| typo3/cms | composer | >= 11.0.0, < 11.5.20 | 11.5.20 |

The vulnerability stems from the error page handling logic in `PageContentErrorHandler`. The `cachePageRequest` method was responsible for fetching and caching error pages via external HTTP requests. The pre-patch version lacked:

1. Locking mechanisms to prevent concurrent error page generation attempts.
2. Proper handling of failed error page retrieval (non-200 status codes).
3. Recursion prevention when error page requests themselves trigger errors.

This created an amplification vector where a single invalid request could trigger multiple recursive HTTP calls through the error handler. The patch adds locking (via `LockFactory`), generic error responses for failed fetches, and timeout reductions, all of which address the core vulnerability mechanisms described in the advisory.
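
The amplification and the three guards can be seen in a small model, added here as an illustration; it is not TYPO3 code and not the actual patch. `Site`, `ERROR_PAGE`, `GENERIC` and `max_depth` are assumed names, sub-requests are simulated in-process instead of over HTTP, and caching is left out to keep the focus on locking, status checking and recursion.

```python
import threading

ERROR_PAGE = "/404-page"              # constructed path of the configured error page
GENERIC = (500, "generic error")      # constructed fallback response

class Site:
    """Toy model: a 404 is rendered by fetching ERROR_PAGE through a sub-request."""

    def __init__(self, hardened, pages, max_depth=5):
        self.hardened = hardened
        self.pages = pages            # path -> body; any other path is a 404
        self.max_depth = max_depth    # stands in for the timeout that ends an unguarded chain
        self.lock = threading.Lock()  # non-reentrant, so a nested attempt fails to acquire it
        self.subrequests = 0

    def handle(self, path, depth=0):
        if path in self.pages:
            return 200, self.pages[path]
        return self._guarded(depth) if self.hardened else self._unguarded(depth)

    def _unguarded(self, depth):
        # Pre-patch behaviour as described: no lock, no status check, no recursion stop.
        if depth >= self.max_depth:
            return 504, "timeout"
        self.subrequests += 1
        _status, body = self.handle(ERROR_PAGE, depth + 1)
        return 404, body

    def _guarded(self, depth):
        # One generation attempt at a time; concurrent or nested callers get a generic answer.
        if not self.lock.acquire(blocking=False):
            return GENERIC
        try:
            self.subrequests += 1
            status, body = self.handle(ERROR_PAGE, depth + 1)
            if status != 200:         # failed retrieval: answer generically, do not recurse
                return GENERIC
            return 404, body
        finally:
            self.lock.release()

def subrequests_for(hardened, pages, invalid_requests=1):
    """Count the sub-requests caused by a number of requests for missing pages."""
    site = Site(hardened, pages)
    for i in range(invalid_requests):
        site.handle(f"/missing-{i}")
    return site.subrequests
```

When the error page itself cannot be served, the unguarded model issues `max_depth` sub-requests per invalid request, while the guarded one issues exactly one and returns the generic response.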