Vulnerability Details : CVE-2021-21357
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 8.7.40, 9.5.25, 10.4.14, 11.1.1 due to improper input validation, attackers can by-pass restrictions of predefined options and submit arbitrary data in the Form Designer backend module of the Form Framework. In the default configuration of the Form Framework this allows attackers to explicitly allow arbitrary mime-types for file uploads - however, default _fileDenyPattern_ successfully blocked files like _.htaccess_ or _malicious.php_. Besides that, attackers can persist those files in any writable directory of the corresponding TYPO3 installation. A valid backend user account with access to the form module is needed to exploit this vulnerability. This is fixed in versions 8.7.40, 9.5.25, 10.4.14, 11.1.1.
Vulnerability category: Directory traversalInput validation
Products affected by CVE-2021-21357
- cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-21357
1.12%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 76 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-21357
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
6.5
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
8.0
|
6.4
|
NIST | |
|
8.3
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H |
2.8
|
5.5
|
NIST | |
|
8.3
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H |
2.8
|
5.5
|
GitHub, Inc. |
CWE ids for CVE-2021-21357
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: security-advisories@github.com (Primary)
-
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.Assigned by: security-advisories@github.com (Primary)
-
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.Assigned by: security-advisories@github.com (Primary)
References for CVE-2021-21357
-
https://packagist.org/packages/typo3/cms-form
typo3/cms-form - PackagistRelease Notes;Third Party Advisory
-
https://typo3.org/security/advisory/typo3-core-sa-2021-003
TYPO3-CORE-SA-2021-003: Broken Access Control in Form FrameworkVendor Advisory
-
https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-3vg7-jw9m-pc3f
Broken Access Control in Form Framework · Advisory · TYPO3/TYPO3.CMS · GitHubThird Party Advisory
Jump to