Описание
Leantime has Host Header Injection Vulnerability
Summary
A host header injection vulnerability has been identified in the user details viewing functionality of the system. This vulnerability allows an attacker to manipulate the host header in HTTP requests, thereby gaining unauthorized access to view details of other users.
Пакеты
Наименование
leantime/leantime
composer
Затронутые версииВерсия исправления
< 3.1.2
3.1.2
6.5 Medium
CVSS3
Дефекты
CWE-74
6.5 Medium
CVSS3
Дефекты
CWE-74