CVE-2019-12747
Published 2019-07-09
CVE-2019-12747: TYPO3 8.x through 8.7.26 and 9.x through 9.5.7 allows Deserialization of Untrusted Data.
Priority: P3 · 46 · high · 8.8 (CVSS 3.1)
Vector: AV:N / AC:L / PR:L / UI:N / S:U / C:H / I:H / A:H
EPSS: 1.52% (71.5th percentile)
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| typo3 | cms | >= 8.0.0 < 8.7.27 | 8.7.27 |
| typo3 | cms | >= 9.0.0 < 9.5.8 | 9.5.8 |
| typo3 | cms-core | >= 8.0.0 < 8.7.27 | 8.7.27 |
| typo3 | cms-core | >= 9.0.0 < 9.5.8 | 9.5.8 |
| typo3 | typo3 | 8.3.0 – 8.7.26 | — |
| typo3 | typo3 | 9.0.0 – 9.5.7 | — |
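CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |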
GHSA
TYPO3 Vulnerable to Insecure Deserialization
ghsa·2022-05-24
CVE-2019-12747 [HIGH] CWE-502 TYPO3 Vulnerable to Insecure Deserialization
TYPO3 8.x through 8.7.26 and 9.x through 9.5.7 allows Deserialization of Untrusted Data.
OSV
TYPO3 Vulnerable to Insecure Deserialization
osv·2022-05-24
CVE-2019-12747 [HIGH] TYPO3 Vulnerable to Insecure Deserialization
TYPO3 8.x through 8.7.26 and 9.x through 9.5.7 allows Deserialization of Untrusted Data.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2019-07-09