Security: Tip-A-Friend TYPO3 extension
A security risk has been found in the TYPO3 extension Tip-a-friend.
Malicious parties can use it to abuse the extension.
English version of the advisory:
A problem has been discovered in the extension tipafriend, which allows
attackers to send arbitrary mail headers and similar, which can lead to
misuse of the extension.
==== Component Type ====
Third-party extension. The extension is not part of the TYPO3 default
installation.
==== Affected Versions ====
1.2.2 and earlier
==== Vulnerability Type ====
Header Injection
==== Severity ====
HIGH
==== Solution ====
An updated version 1.2.3 is available in the extension repository and at
typo3.org/extensions/repository/view/tipafriend/1.2.3/
==== General advice ====
Follow the recommendations that are given in the TYPO3 Security Cookbook.
==== Credits ====
Thanks to security team members Thorsten Kahler and Andreas Otto, who
discovered the issue and provided a fix when reporting it to the security
team.