Dear users of TYPO3, A problem has been discovered in the extension tipafriend, which allows attackers to send arbitrary mail headers and similar, which can lead to misuse of the extension.
==== Component Type ==== Third party extension. The extension is not part of the TYPO3 default installation ==== Affected Versions ==== 1.2.2 and earlier ==== Vulnerability Type ==== Header Injection ==== Severity ==== HIGH ==== Solution ==== An updated version 1.2.3 is available in the extension repository and at http://typo3.org/extensions/repository/view/tipafriend/1.2.3/ ==== General advice ==== Follow the recommendations that are given in the TYPO3 Security Cookbook. ==== Credits ==== Thanks to security team members Thorsten Kahler and Andreas Otto, who discovered the issue and provided a fix when reporting it to the security team. Regards, TYPO3 Security Team Lars Houmark _______________________________________________ TYPO3-german mailing list TYPO3-german@lists.netfielders.de http://lists.netfielders.de/cgi-bin/mailman/listinfo/typo3-german