Denial of Service Vulnerability in TYPO3 Deferred Image Processing Extension
CVE-2021-38623

7.5 HIGH

What is CVE-2021-38623?

The Deferred Image Processing extension for TYPO3, prior to version 1.0.2, is vulnerable to Denial of Service due to excessive disk space consumption in the /var/transient directory when interfacing with the FAL API. This vulnerability can lead to significant service interruptions: it may exhaust available storage, impeding normal operation and accessibility of the application.

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved