XML External Entity (XXE) Processing in TYPO3 Core

Published: Jun 4, 2024
Updated: Jun 27, 2024
GHSA: <a href="https://github.com/advisories/GHSA-qffc-gwpp-m2xr" target="_blank" rel="noopener"> GHSA-qffc-gwpp-m2xr
Severity: High
Exploit:

All XML processing within the TYPO3 CMS are vulnerable to XEE processing. This can lead to load internal and/or external (file) content within an XML structure. Furthermore it is possible to inject arbitrary files for an XML Denial of Service attack. For more information on that topic see https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Processing.