Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1oMjJxLWcyYzctMmp3as2lHg
Joomla! vulnerable to CRLF injection
CRLF injection vulnerability in Joomla! before 1.0.13 (aka Sunglow) allows remote attackers to inject arbitrary HTTP headers and probably conduct HTTP response splitting attacks via CRLF sequences in the url parameter. NOTE: this can be leveraged for cross-site scripting (XSS) attacks. NOTE: some of these details are obtained from third party information.
Permalink: https://github.com/advisories/GHSA-h22q-g2c7-2jwj
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1oMjJxLWcyYzctMmp3as2lHg
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 2 years ago
Updated: 8 months ago
Identifiers: GHSA-h22q-g2c7-2jwj, CVE-2007-4190
References:
- https://nvd.nist.gov/vuln/detail/CVE-2007-4190
- https://web.archive.org/web/20071001212343/http://www.joomla.org/content/view/3677/1/
- https://github.com/advisories/GHSA-h22q-g2c7-2jwj
Affected Packages
packagist:joomla/application
Dependent packages: 13
Dependent repositories: 161
Downloads: 271,700 total
Affected Version Ranges: < 1.0.13
Fixed in: 1.0.13
All affected versions:
All unaffected versions: 1.1.0, 1.1.1, 1.1.2, 1.1.3, 1.2.0, 1.2.1, 1.3.0, 1.4.0, 1.4.1, 1.5.0, 1.5.1, 1.6.0, 1.7.0, 1.8.0, 1.8.1, 1.9.0, 1.9.1, 1.9.2, 1.9.3, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 3.0.0, 3.0.1