Tue. 19th July, 2016
It has been discovered, that PHP exposes the risk of Environment Variable Injection and TYPO3 is vulnerable through third party library guzzlehttp/guzzle
This is a companion discussion topic for the original entry at https://typo3.org/article/typo3-core-sa-2016-019