Security
Headlines

Headlines Latest CVEs

Headline

GHSA-99r5-84gr-59f6: Leantime has Host Header Injection Vulnerability

Summary

A host header injection vulnerability has been identified in the user details viewing functionality of the system. This vulnerability allows an attacker to manipulate the host header in HTTP requests, thereby gaining unauthorized access to view details of other users.

3 days ago

#vulnerability #git #auth

GitHub Advisory Database
GitHub Reviewed
GHSA-99r5-84gr-59f6

Leantime has Host Header Injection Vulnerability

Moderate severity GitHub Reviewed Published Feb 18, 2025 in Leantime/leantime • Updated Feb 21, 2025

Package

composer leantime/leantime (Composer)

Affected versions

< 3.1.2

Summary

A host header injection vulnerability has been identified in the user details viewing functionality of the system. This vulnerability allows an attacker to manipulate the host header in HTTP requests, thereby gaining unauthorized access to view details of other users.

References

GHSA-99r5-84gr-59f6

Published to the GitHub Advisory Database

Feb 21, 2025

Last updated

Feb 21, 2025

ghsa: Latest News

GHSA-c6gw-w398-hv78: DoS in go-jose Parsing

3 hours ago

GHSA-5r85-6h7f-rg3r: Moodle's non-searchable tags can still be discovered on the tag search page and in the tags block

4 hours ago

GHSA-cw24-f6fq-7j9v: Moodle allows teachers to evade trusttext config when restoring glossary entries

4 hours ago

GHSA-h697-w4ph-7pcx: Moodle has a stored XSS in ddimageortext question type

4 hours ago

GHSA-rg56-94j7-hjx9: Moodle has a SQL injection risk in course search module list filter

4 hours ago