GHSA-45xg-4w5x-j429: 
PHP vulnerability analysis and mitigation

The vulnerability (GHSA-45xg-4w5x-j429) is an Arbitrary Shell Execution vulnerability in the Swiftmailer library used by TYPO3 CMS. The issue was discovered and disclosed on October 22, 2014, affecting TYPO3 CMS versions 6.2.0-6.2.5, 6.1.0-6.1.11, 4.7.0-4.7.19, and 4.5.0-4.5.36. This vulnerability has been assigned a High severity rating with a CVSS score of 8.1 (GitHub Advisory).

The vulnerability allows execution of arbitrary shell commands when the 'From' header comes from a non-trusted source and no 'Return-Path' is configured. The issue specifically affects TYPO3 installations where the configuration option $GLOBALS['TYPO3_CONF_VARS']['MAIL']['transport'] is set to 'sendmail'. The vulnerability exists in the SendmailTransport.php file where the reverse path was not properly escaped (TYPO3 Commit).

The vulnerability enables attackers to execute arbitrary shell commands on affected systems, potentially leading to system compromise. However, installations using the default configuration are not affected by this vulnerability (TYPO3 Advisory).

The vulnerability was patched in TYPO3 versions 6.2.6, 6.1.12, 4.7.20, and 4.5.37. Users are advised to upgrade to these patched versions. The fix involves properly escaping the reverse path in the SendmailTransport class using escapeshellarg() (TYPO3 Advisory).