Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1oMjJxLWcyYzctMmp3as2lHg

Joomla! vulnerable to CRLF injection

CRLF injection vulnerability in Joomla! before 1.0.13 (aka Sunglow) allows remote attackers to inject arbitrary HTTP headers and probably conduct HTTP response splitting attacks via CRLF sequences in the url parameter. NOTE: this can be leveraged for cross-site scripting (XSS) attacks. NOTE: some of these details are obtained from third party information.

Permalink: https://github.com/advisories/GHSA-h22q-g2c7-2jwj
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1oMjJxLWcyYzctMmp3as2lHg
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 2 years ago
Updated: 8 months ago


Identifiers: GHSA-h22q-g2c7-2jwj, CVE-2007-4190
References: Blast Radius: 0.0

Affected Packages

packagist:joomla/application
Dependent packages: 13
Dependent repositories: 161
Downloads: 272,584 total
Affected Version Ranges: < 1.0.13
Fixed in: 1.0.13
All affected versions:
All unaffected versions: 1.1.0, 1.1.1, 1.1.2, 1.1.3, 1.2.0, 1.2.1, 1.3.0, 1.4.0, 1.4.1, 1.5.0, 1.5.1, 1.6.0, 1.7.0, 1.8.0, 1.8.1, 1.9.0, 1.9.1, 1.9.2, 1.9.3, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 3.0.0, 3.0.1