{"id":"GHSA-3wwj-wh2w-g4xp","summary":"CRLF Injection in microweber","details":"CRLF Injection leads to Stack Trace Exposure due to lack of filtering at https://demo.microweber.org/ in Packagist microweber/microweber prior to 1.2.11.","aliases":["CVE-2022-0666"],"modified":"2023-11-08T04:07:37.759990Z","published":"2022-02-19T00:01:35Z","database_specific":{"nvd_published_at":"2022-02-18T15:15:00Z","github_reviewed":true,"cwe_ids":["CWE-93"],"severity":"HIGH","github_reviewed_at":"2022-02-23T15:04:54Z"},"references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0666"},{"type":"WEB","url":"https://github.com/microweber/microweber/commit/f0e338f1b7dc5ec9d99231f4ed3fa6245a5eb128"},{"type":"PACKAGE","url":"https://github.com/microweber/microweber"},{"type":"WEB","url":"https://huntr.dev/bounties/7215afc7-9133-4749-8e8e-0569317dbd55"}],"affected":[{"package":{"name":"microweber/microweber","ecosystem":"Packagist","purl":"pkg:composer/microweber/microweber"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.2.11"}]}],"versions":["0.9.346","0.93","0.931","0.934","0.951","1.0.3","1.0.4","1.0.5","1.0.6","1.0.7","1.1","v1.2.10","v1.2.3","v1.2.4","v1.2.5","v1.2.6","v1.2.7","v1.2.8","v1.2.9"],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/02/GHSA-3wwj-wh2w-g4xp/GHSA-3wwj-wh2w-g4xp.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H"}]}