GHSA-m2q4-qghh-p9cq

Source

https://github.com/advisories/GHSA-m2q4-qghh-p9cq

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/05/GHSA-m2q4-qghh-p9cq/GHSA-m2q4-qghh-p9cq.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-m2q4-qghh-p9cq

Aliases

CVE-2021-31779

Published

2021-05-21T19:21:38Z

Modified

2023-11-08T04:05:50.727002Z

Severity

6.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N CVSS Calculator

Summary

Server-Side Request Forgery in yoast_seo

Details

The yoast_seo (aka Yoast SEO) extension before 7.2.1 for TYPO3 allows SSRF via a backend user account.

Database specific

{
    "nvd_published_at": "2021-04-28T07:15:00Z",
    "github_reviewed_at": "2021-05-20T22:39:55Z",
    "severity": "MODERATE",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-918"
    ]
}

References

Affected packages

Packagist / yoast-seo-for-typo3/yoast_seo

Package

Name: yoast-seo-for-typo3/yoast_seo
Purl: pkg:composer/yoast-seo-for-typo3/yoast_seo

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.2.1

Affected versions

v1.*

v1.0-beta

v1.0-rc

v1.0

v1.0.1

v1.1.0

v1.1.1

v1.1.2

v1.2.0

v1.2.1

v1.2.2

v1.2.3

v1.3.0

v1.4.0

v1.4.1

v2.*

v2.0.0

v2.0.1

v2.0.2

v2.1.0

v3.*

v3.0.0

v3.0.1

v3.0.2

v3.0.3

v3.0.4

v3.0.5

v4.*

v4.0.0

v4.1.0

v5.*

v5.0.0

v5.0.1

v5.1.0

v5.1.1

v6.*

v6.0.0

v6.0.1

v7.*

v7.0.0

v7.0.1

v7.0.2

v7.0.3

v7.0.4

v7.0.5

v7.0.6

v7.0.7

7.*

7.1.0

7.1.1

7.1.2

7.1.3

7.2.0