GHSA-h22q-g2c7-2jwj

Source
https://github.com/advisories/GHSA-h22q-g2c7-2jwj
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-h22q-g2c7-2jwj/GHSA-h22q-g2c7-2jwj.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-h22q-g2c7-2jwj
Aliases
  • CVE-2007-4190
Published
2022-05-01T18:21:10Z
Modified
2024-12-03T06:09:14.075687Z
Summary
Joomla! vulnerable to CRLF injection
Details

CRLF injection vulnerability in Joomla! before 1.0.13 (aka Sunglow) allows remote attackers to inject arbitrary HTTP headers and probably conduct HTTP response splitting attacks via CRLF sequences in the url parameter. NOTE: this can be leveraged for cross-site scripting (XSS) attacks. NOTE: some of these details are obtained from third party information.

Database specific
{
    "nvd_published_at": "2007-08-08T01:17:00Z",
    "cwe_ids": [
        "CWE-93"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2023-09-22T21:41:58Z"
}
References

Affected packages

Packagist / joomla/application

Package

Name
joomla/application
Purl
pkg:composer/joomla/application

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.0.13

Affected versions

1.*

1.0-alpha
1.0-beta
1.0-beta2
1.0-beta3
1.0