Vulnerability Description
Project Wonder WebObjects 1.0 through 5.4.3 is vulnerable to Arbitrary HTTP Header injection and URL- or Header-based XSS reflection in all web-server adaptor interfaces.
CVSS Score
6.1
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apple | Webobjects | >= 1.0, <= 5.4.3 |
Related Weaknesses (CWE)
References
- https://github.com/wocommunity/wonder/pull/992PatchThird Party Advisory
- https://xmit.xyz/security/webobjects-url-tomfoolery/ExploitMitigationThird Party Advisory
- https://github.com/wocommunity/wonder/pull/992PatchThird Party Advisory
- https://xmit.xyz/security/webobjects-url-tomfoolery/ExploitMitigationThird Party Advisory
FAQ
What is CVE-2022-37724?
CVE-2022-37724 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Project Wonder WebObjects 1.0 through 5.4.3 is vulnerable to Arbitrary HTTP Header injection and URL- or Header-based XSS reflection in all web-server adaptor interfaces.
How severe is CVE-2022-37724?
CVE-2022-37724 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-37724?
Check the references section above for vendor advisories and patch information. Affected products include: Apple Webobjects.