5.3

CVSS Score

3.1

Basic Information

CVE ID

GHSA ID

GHSA-pw2q-qwvj-gh43

EPSS Score

CWE

Published

6/5/2024

Updated

6/5/2024

KEV Status

Technology

PHP

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

GHSA-pw2q-qwvj-gh43

GHSA-pw2q-qwvj-gh43: Cache Flooding in TYPO3 Frontend

Links with a valid cHash argument lead to newly generated page cache entries. Because the cHash is not bound to a specific page, attackers could use valid cHash arguments for multiple pages, leading to additional useless page cache entries. Depending on the number of pages in the system and the number of available valid links with a cHash, attackers could add a considerable amount of additional cache entries, which in the end exceed storage limits and thus could lead to the system not responding any more. This means the Cache Flooding attack potentially could lead to a successful Denial of Service (DoS) attack.

(GitHub Advisory)

5.3

CVSS Score

3.1

Basic Information

CVE ID

GHSA ID

GHSA-pw2q-qwvj-gh43

EPSS Score

CWE

Published

6/5/2024

Updated

6/5/2024

KEV Status

Technology

PHP

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
typo3/cms	composer	>= 6.2.0, < 6.2.27	6.2.27
typo3/cms	composer	>= 7.6.0, < 7.6.11	7.6.11
typo3/cms	composer	>= 8.0.0, < 8.3.1	8.3.1

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from cHash not being page-bound in cache operations. Core caching functions in TypoScriptFrontendController and AbstractPlugin would handle cache key generation and validation(). The functions listed are standard TYPO3 cache handling mechanisms that would need modification to include page context in hash calculations, as indicated by the vulnerability description. While exact patch details are unavailable, these functions are central to the cache entry creation process() and match the described vulnerability pattern.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

Links wit* * v*li* ***s* *r*um*nt l*** to n*wly **n*r*t** p*** ***** *ntri*s. ****us* t** ***s* is not *oun* to * sp**i*i* p***, *tt**k*rs *oul* us* v*li* ***s* *r*um*nts *or multipl* p***s, l***in* to ***ition*l us*l*ss p*** ***** *ntri*s. **p*n*in

Reasoning

T** vuln*r**ility st*ms *rom ***s* not **in* p***-*oun* in ***** op*r*tions. *or* ****in* *un*tions in `TypoS*ript*ront*n**ontroll*r` *n* `**str**tPlu*in` woul* **n*l* ***** k*y **n*r*tion *n* `v*li**tion()`. T** *un*tions list** *r* st*n**r* TYPO* *

5.3

Basic Information

Concerned about an active attack path?

GHSA-pw2q-qwvj-gh43: Cache Flooding in TYPO3 Frontend

5.3

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI