GHSA-m3xv-x3ph-mq22

Source

https://github.com/advisories/GHSA-m3xv-x3ph-mq22

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/03/GHSA-m3xv-x3ph-mq22/GHSA-m3xv-x3ph-mq22.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-m3xv-x3ph-mq22

Aliases

CVE-2021-44618

Published

2022-03-12T00:00:34Z

Modified

2023-11-08T04:07:17.785171Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Server-side Template Injection in nystudio107/craft-seomatic

Details

A Server-side Template Injection (SSTI) vulnerability exists in Nystudio107 Seomatic prior to 3.4.12 in src/helpers/UrlHelper.php via the host header.

Database specific

{
    "github_reviewed_at": "2022-03-14T23:21:34Z",
    "github_reviewed": true,
    "nvd_published_at": "2022-03-11T16:15:00Z",
    "cwe_ids": [
        "CWE-94"
    ],
    "severity": "HIGH"
}

References

Affected packages

Packagist / nystudio107/craft-seomatic

Package

Name: nystudio107/craft-seomatic
Purl: pkg:composer/nystudio107/craft-seomatic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.4.12

Affected versions

3.*

3.0.0-beta.1

3.0.0-beta.2

3.0.0-beta.3

3.0.0-beta.4

3.0.0-beta.5

3.0.0-beta.6

3.0.0-beta.7

3.0.0-beta.8

3.0.0-beta.9

3.0.0-beta.10

3.0.0-beta.11

3.0.0-beta.12

3.0.0-beta.13

3.0.0-beta.14

3.0.0-beta.15

3.0.0-beta.16

3.0.0-beta.17

3.0.0-beta.18

3.0.0-beta.19

3.0.0-beta.20

3.0.0-beta.21

3.0.0-beta.22

3.0.0-beta.23

3.0.0-beta.24

3.0.0

3.0.1

3.0.2

3.0.3

3.0.4

3.0.5

3.0.6

3.0.7

3.0.8

3.0.9

3.0.10

3.0.11

3.0.12

3.0.13

3.0.14

3.0.15

3.0.16

3.0.17

3.0.18

3.0.20

3.0.22

3.0.23

3.0.24

3.0.25

3.1.0

3.1.1

3.1.2

3.1.3

3.1.4

3.1.5

3.1.6

3.1.7

3.1.8

3.1.9

3.1.10

3.1.11

3.1.12

3.1.13

3.1.13.1

3.1.14

3.1.16

3.1.17

3.1.18

3.1.18.1

3.1.19

3.1.20

3.1.21

3.1.22

3.1.23

3.1.24

3.1.25

3.1.26

3.1.27

3.1.28

3.1.29

3.1.30

3.1.31

3.1.32

3.1.33

3.1.34

3.1.35

3.1.36

3.1.37

3.1.38

3.1.39

3.1.40

3.1.41

3.1.42

3.1.43

3.1.44

3.1.45

3.1.46

3.1.47

3.1.48

3.1.49

3.1.50

3.2.0

3.2.1

3.2.2

3.2.3

3.2.4

3.2.5

3.2.6

3.2.7

3.2.8

3.2.9

3.2.10

3.2.11

3.2.12

3.2.13

3.2.14

3.2.16

3.2.17

3.2.18

3.2.19

3.2.20

3.2.21

3.2.22

3.2.23

3.2.24

3.2.25

3.2.26

3.2.27

3.2.28

3.2.29

3.2.30

3.2.31

3.2.32

3.2.33

3.2.34

3.2.35

3.2.36

3.2.37

3.2.38

3.2.39

3.2.41

3.2.42

3.2.43

3.2.44

3.2.45

3.2.46

3.2.47

3.2.48

3.2.49

3.2.50

3.2.51

3.3.0

3.3.1

3.3.2

3.3.3

3.3.4

3.3.5

3.3.6

3.3.7

3.3.8

3.3.9

3.3.10

3.3.11

3.3.12

3.3.13

3.3.14

3.3.15

3.3.16

3.3.17

3.3.18

3.3.19

3.3.20

3.3.21

3.3.22

3.3.23

3.3.24

3.3.25

3.3.26

3.3.27

3.3.28

3.3.29

3.3.30

3.3.31

3.3.32

3.3.33

3.3.34

3.3.35

3.3.36

3.3.37

3.3.38

3.3.39

3.3.40

3.3.41

3.3.42

3.3.43

3.3.44

3.3.45

3.3.46

3.3.47

3.3.48

3.4.0

3.4.1

3.4.2

3.4.3

3.4.4

3.4.5

3.4.6

3.4.7

3.4.8

3.4.9

3.4.10

3.4.11