[TYPO3-ttnews] info about TYPO3-EXT-SA-2014-003: Insecure Unserialize in extension News (tt_news)

Rupert Germann rupi at gmx.li
Wed Feb 12 15:23:10 CET 2014

Previous message: [TYPO3-ttnews] TYPO3-EXT-SA-2014-003: Insecure Unserialize
Next message: [TYPO3-ttnews] Re: TYPO3-EXT-SA-2014-003: Insecure Unserialize
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

some words about the vulnerability in tt_news:

the affected/unsafe part of tt_news is the category menu (CATMENU) in 
mode "ajaxtree" when it is displayed on the website.

That means:
if you don't use a CATMENU on your website, you're save.

greets
Rupert

Previous message: [TYPO3-ttnews] TYPO3-EXT-SA-2014-003: Insecure Unserialize
Next message: [TYPO3-ttnews] Re: TYPO3-EXT-SA-2014-003: Insecure Unserialize
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the TYPO3-project-tt-news mailing list