CVE-2021-44618

CRITICAL9.8EPSS 0.51%

Server-side Template Injection in nystudio107/craft-seomatic

Published: 3/12/2022Modified: 11/8/2023

Description

A Server-side Template Injection (SSTI) vulnerability exists in Nystudio107 Seomatic prior to 3.4.12 in src/helpers/UrlHelper.php via the host header.

Affected packages (1)

Packagist/nystudio107/craft-seomaticfrom 0, < 3.4.12

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	CRITICAL9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References (4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2021-44618
PATCHhttps://github.com/nystudio107/craft-seomatic
WEBhttps://github.com/nystudio107/craft-seomatic/commit/0c5c0c0e0cb61000d12ec55ebf174745a5bf6469
WEBhttps://github.com/nystudio107/craft-seomatic/releases/tag/3.4.12