It has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. This allows to inject arbitrary data having a valid cryptographic message authentication code (HMAC-SHA1) and can lead to various attack chains.
Due to the seriousness and ease of exploitation of this vulnerability and the still widespread use of TYPO3 6.2, we have decided to make this update available to all TYPO3 6.2 users, not just TYPO3 ELTS 6.2 customers.
For details, see https://typo3.org/security/advisory/typo3-psa-2020-001.
Reference #897
