The TYPO3 security team has identified a critical security issue in the TYPO3 v4 Core.
The following branches are affected by the vulnerability:
* TYPO3 4.3
* TYPO3 4.4
* TYPO3 4.5
* TYPO3 4.6
Only TYPO3 installations which use the frontend login functionality are affected by this vulnerability.
Newer TYPO3 versions (4.7.0 or higher) are NOT affected!
A TYPO3 4.5.40 release containing a security fix will be published the day after tomorrow, Thursday 19th of February at about 10:00 am CET.
If possible, we will provide patches for not supported releases.
Since this is a very important security fix, please be prepared to update your TYPO3 installations on Thursday.
Until the advisory is out, please understand that we cannot provide any further information.
CVSS v2.0 data on the to be released bulletin:
Base AV:N/AC:L/Au:N/C:P/I:P/A:N | Temporal E:F/RL:O/RC:C