Dear TYPO3 users,
several vulnerabilities have been found in the following third party TYPO3
extensions:
"2 Clicks for External Media" (media2click)
"Dynamic Content Element" (dce)
"Yoast SEO for TYPO3" (yoast_seo)
"Bootstrap Package" (bootstrap_package)
For further information on the issues, please read the related advisories
TYPO3-EXT-SA-2021-004, TYPO3-EXT-SA-2021-005, TYPO3-EXT-SA-2021-006 and
TYPO3-EXT-SA-2021-007 which were published today:
TYPO3-EXT-SA-2021-004: Cross-Site Scripting in extension "2 Clicks for
External Media" (media2click)
[1]https://typo3.org/security/advisory/typo3-ext-sa-2021-004
TYPO3-EXT-SA-2021-005: SQL Injection in extension "Dynamic Content Element"
(dce)
[2]https://typo3.org/security/advisory/typo3-ext-sa-2021-005
TYPO3-EXT-SA-2021-006: Server-side request forgery in extension "Yoast SEO for
TYPO3" (yoast_seo)
[3]https://typo3.org/security/advisory/typo3-ext-sa-2021-006
TYPO3-EXT-SA-2021-007: Cross-Site Scripting in extension "Bootstrap Package"
(bootstrap_package)
[4]https://typo3.org/security/advisory/typo3-ext-sa-2021-007
In general the TYPO3 Security Team recommends to read the following pages:
The TYPO3 Security Guide:
[5]https://docs.typo3.org/typo3cms/CoreApiReference/Security/Index.html
Make sure you are subscribed to the TYPO3 Announce List:
[6]https://lists.typo3.org/cgi-bin/mailman/listinfo/typo3-announce
See all TYPO3 security advisories:
[7]https://typo3.org/help/security-advisories/
Regards,
Torben Hansen
Member of the TYPO3 Security Team