Skip to content

Commit af3095d

Browse files
1 parent 0a6e5f4 commit af3095d

1 file changed

Lines changed: 66 additions & 3 deletions

File tree

advisories/unreviewed/2026/05/GHSA-fq39-62gx-8hqx/GHSA-fq39-62gx-8hqx.json

Lines changed: 66 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,24 +1,87 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-fq39-62gx-8hqx",
4-
"modified": "2026-05-19T12:31:39Z",
4+
"modified": "2026-05-19T12:31:40Z",
55
"published": "2026-05-19T12:31:39Z",
66
"aliases": [
77
"CVE-2026-46722"
88
],
9+
"summary": "TYPO3 extension \"ke_search\" affected by XML External Entity injection",
910
"details": "The OOXML parsing of the file indexer does not disable external entity resolution. A crafted xlsx or pptx document placed in an indexed directory can cause local files to be read or outbound HTTP requests to be performed, with the retrieved content being written to the search index.",
1011
"severity": [
1112
{
1213
"type": "CVSS_V4",
13-
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
14+
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N"
15+
}
16+
],
17+
"affected": [
18+
{
19+
"package": {
20+
"ecosystem": "Packagist",
21+
"name": "tpwd/ke_search"
22+
},
23+
"ranges": [
24+
{
25+
"type": "ECOSYSTEM",
26+
"events": [
27+
{
28+
"introduced": "7.0.0"
29+
},
30+
{
31+
"fixed": "7.0.1"
32+
}
33+
]
34+
}
35+
]
36+
},
37+
{
38+
"package": {
39+
"ecosystem": "Packagist",
40+
"name": "tpwd/ke_search"
41+
},
42+
"ranges": [
43+
{
44+
"type": "ECOSYSTEM",
45+
"events": [
46+
{
47+
"introduced": "6.0.0"
48+
},
49+
{
50+
"fixed": "6.6.1"
51+
}
52+
]
53+
}
54+
]
55+
},
56+
{
57+
"package": {
58+
"ecosystem": "Packagist",
59+
"name": "tpwd/ke_search"
60+
},
61+
"ranges": [
62+
{
63+
"type": "ECOSYSTEM",
64+
"events": [
65+
{
66+
"introduced": "0"
67+
},
68+
{
69+
"fixed": "5.6.2"
70+
}
71+
]
72+
}
73+
]
1474
}
1575
],
16-
"affected": [],
1776
"references": [
1877
{
1978
"type": "ADVISORY",
2079
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46722"
2180
},
81+
{
82+
"type": "PACKAGE",
83+
"url": "https://github.com/tpwd/ke_search"
84+
},
2285
{
2386
"type": "WEB",
2487
"url": "https://typo3.org/security/advisory/typo3-ext-sa-2026-011"

0 commit comments

Comments
 (0)