Dear TYPO3 users,
several vulnerabilities have been found in the following third party TYPO3
extensions:
"Events 2" (events2)
"Integration of Friendly Captcha" (friendlycaptcha_official)
"Aimeos shop and e-commerce framework" (aimeos)
For further information on the issues, please read the related advisories
TYPO3-EXT-SA-2024-003, TYPO3-EXT-SA-2024-004 and TYPO3-EXT-SA-2024-005
which were published today:
TYPO3-EXT-SA-2024-003: Multiple vulnerabilities in "Events 2" (events2)
[1]https://typo3.org/security/advisory/typo3-ext-sa-2024-003
TYPO3-EXT-SA-2024-004: Broken Access Control in "Integration of Friendly
Captcha" (friendlycaptcha_official)
[2]TYPO3-EXT-SA-2024-004: Broken Access Control in "Integration of Friendly Captcha" (friendlycaptcha_official)
TYPO3-EXT-SA-2024-005: Multiple vulnerabilities in "Aimeos shop and e-commerce
framework" (aimeos)
[3]https://typo3.org/security/advisory/typo3-ext-sa-2024-005
In general the TYPO3 Security Team recommends to read the following pages:
The TYPO3 Security Guide:
[4]Security guidelines — TYPO3 Explained main documentation
Make sure you are subscribed to the TYPO3 Announce List:
[5]https://lists.typo3.org/cgi-bin/mailman/listinfo/typo3-announce
See all TYPO3 security advisories:
[6]TYPO3 Security Bulletins
Regards,
Torben Hansen
Member of the TYPO3 Security Team