Skip to main content

Open Redirect CVE-2024-55892

MEDIUM
URL Redirection to Untrusted Site (Open Redirect) (CWE-601)
2025-01-14 security-advisories@github.com
Open Redirect SSRF Typo3
4.8
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
4.8 MEDIUM
AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

3
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
Analysis Generated
Mar 28, 2026 - 18:03 vuln.today
CVE Published
Jan 14, 2025 - 20:15 nvd
MEDIUM 4.8

DescriptionGitHub Advisory

TYPO3 is a free and open source Content Management Framework. Applications that use TYPO3\CMS\Core\Http\Uri to parse externally provided URLs (e.g., via a query parameter) and validate the host of the parsed URL may be vulnerable to open redirect or SSRF attacks if the URL is used after passing the validation checks. Users are advised to update to TYPO3 versions 9.5.49 ELTS, 10.4.48 ELTS, 11.5.42 LTS, 12.4.25 LTS, 13.4.3 which fix the problem described. There are no known workarounds for this vulnerability.

AnalysisAI

TYPO3 is a free and open source Content Management Framework. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Open Redirect (CWE-601), which allows attackers to redirect users to malicious websites via URL manipulation. TYPO3 is a free and open source Content Management Framework. Applications that use TYPO3\CMS\Core\Http\Uri to parse externally provided URLs (e.g., via a query parameter) and validate the host of the parsed URL may be vulnerable to open redirect or SSRF attacks if the URL is used after passing the validation checks. Users are advised to update to TYPO3 versions 9.5.49 ELTS, 10.4.48 ELTS, 11.5.42 LTS, 12.4.25 LTS, 13.4.3 which fix the problem described. There are no known workarounds for this vulnerability. Affected products include: Typo3.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate redirect destinations against an allowlist, avoid using user input in redirect URLs.

More from same product – last 7 days

CVE-2026-35259 HIGH
8.8 Jun 16

Full takeover of Oracle WebLogic Server 14.1.2.0.0 and 15.1.1.0.0 is achievable by remote unauthenticated attackers via

CVE-2026-47645 HIGH
8.8 Jun 19

Privilege elevation in Microsoft 365 Copilot's Business Chat is possible when an attacker abuses an open redirect (CWE-6
CVE-2026-35258 HIGH
8.7 Jun 16

Cross-scope data compromise in Oracle WebLogic Server 14.1.2.0.0 and 15.1.1.0.0 allows a low-privileged remote attacker

CVE-2026-35302 HIGH
8.3 Jun 16

Server takeover in Oracle WebLogic Server 12.2.1.4.0 and 14.1.1.0.0 (Console component) allows a remote unauthenticated

CVE-2026-46806 HIGH
8.2 Jun 16

Cross-context compromise of Oracle WebCenter Content 14.1.2.0.0 (Content Server component) allows a remote unauthenticat

Share

CVE-2024-55892 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy