CVE-2019-11832
TYPO3 Image Processing susceptible to Code Execution
7.5
HIGH
CVSS 3.1
EPSS 0.90%
Description
TYPO3 8.x before 8.7.25 and 9.x before 9.5.6 is susceptible to remote code execution because it does not properly configure the applications used for image processing, as demonstrated by ImageMagick or GraphicsMagick. For a successful exploit, the GhostScript binary `gs` must be available on the server system.
How to fix CVE-2019-11832
To remediate CVE-2019-11832, upgrade the affected package to a fixed version below.
- Upgrade to 8.7.25 or later
- Upgrade to 8.7.25 or later
Is CVE-2019-11832 being exploited?
Low — EPSS is 0.9%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- >= 8.0.0, < 8.7.25
- >= 8.0.0, < 8.7.25
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.5 | CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H |