CVE-2022-37724 Information

Sep 15, 2022 cve

Description

Project Wonder WebObjects 1.0 through 5.4.3 is vulnerable to Arbitrary HTTP Header injection and URL- or Header-based XSS reflection in all web-server adaptor interfaces.

Reference

https://github.com/wocommunity/wonder/pull/992 https://xmit.xyz/security/webobjects-url-tomfoolery/ https://xmit.xyz/security/webobjects-url-tomfoolery/

Share on: