[TYPO3-announce] [Ticket#2024061810000026] Vulnerabilities in multiple third party TYPO3 CMS extensions

Dear TYPO3 users,

several vulnerabilities have been found in the following third party TYPO3

"Events 2" (events2)
"Integration of Friendly Captcha" (friendlycaptcha_official)
"Aimeos shop and e-commerce framework" (aimeos)

For further information on the issues, please read the related advisories
TYPO3-EXT-SA-2024-003, TYPO3-EXT-SA-2024-004 and TYPO3-EXT-SA-2024-005
which were published today:

TYPO3-EXT-SA-2024-003: Multiple vulnerabilities in "Events 2" (events2)

TYPO3-EXT-SA-2024-004: Broken Access Control in "Integration of Friendly
Captcha" (friendlycaptcha_official)
[2]TYPO3-EXT-SA-2024-004: Broken Access Control in "Integration of Friendly Captcha" (friendlycaptcha_official)

TYPO3-EXT-SA-2024-005: Multiple vulnerabilities in "Aimeos shop and e-commerce
framework" (aimeos)

In general the TYPO3 Security Team recommends to read the following pages:

The TYPO3 Security Guide:
[4]Security guidelines — TYPO3 Explained main documentation

Make sure you are subscribed to the TYPO3 Announce List:

See all TYPO3 security advisories:
[6]TYPO3 Security Bulletins


Torben Hansen
Member of the TYPO3 Security Team