Merge pull request #591 from ohader/sec/typo3-october-2021

xabbuh · web-flow · commit b442a2ff3b6a · 2021-10-05T15:25:15.000+02:00
Add security advisories for TYPO3 v11.5 LTS release
diff --git a/typo3/cms-core/CVE-2021-41113.yaml b/typo3/cms-core/CVE-2021-41113.yaml
@@ -0,0 +1,8 @@
+title: 'TYPO3-CORE-SA-2021-014: Cross-Site-Request-Forgery in Backend URI Handling'
+link: 'https://typo3.org/security/advisory/typo3-core-sa-2021-014'
+cve: CVE-2021-41113
+branches:
+    11.x:
+        time: '2021-10-05 11:02:10'
+        versions: ['>=11.2.0', '<11.5.0']
+reference: 'composer://typo3/cms-core'
diff --git a/typo3/cms-core/CVE-2021-41114.yaml b/typo3/cms-core/CVE-2021-41114.yaml
@@ -0,0 +1,8 @@
+title: 'TYPO3-CORE-SA-2021-015: HTTP Host Header Injection in Request Handling'
+link: 'https://typo3.org/security/advisory/typo3-core-sa-2021-015'
+cve: CVE-2021-41114
+branches:
+    11.x:
+        time: '2021-10-05 11:02:47'
+        versions: ['>=11.0.0', '<11.5.0']
+reference: 'composer://typo3/cms-core'
diff --git a/typo3/cms/CVE-2021-41113.yaml b/typo3/cms/CVE-2021-41113.yaml
@@ -0,0 +1,8 @@
+title: 'TYPO3-CORE-SA-2021-014: Cross-Site-Request-Forgery in Backend URI Handling'
+link: 'https://typo3.org/security/advisory/typo3-core-sa-2021-014'
+cve: CVE-2021-41113
+branches:
+    11.x:
+        time: '2021-10-05 11:02:10'
+        versions: ['>=11.2.0', '<11.5.0']
+reference: 'composer://typo3/cms'
diff --git a/typo3/cms/CVE-2021-41114.yaml b/typo3/cms/CVE-2021-41114.yaml
@@ -0,0 +1,8 @@
+title: 'TYPO3-CORE-SA-2021-015: HTTP Host Header Injection in Request Handling'
+link: 'https://typo3.org/security/advisory/typo3-core-sa-2021-015'
+cve: CVE-2021-41114
+branches:
+    11.x:
+        time: '2021-10-05 11:02:47'
+        versions: ['>=11.0.0', '<11.5.0']
+reference: 'composer://typo3/cms'
