GHSA-847x-x4jg-6gf4
First published: Mon Apr 21 2025(Updated: )
An issue in croogo v.3.0.2 allows an attacker to perform Host header injection via the feed.rss component.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| composer/croogo/croogo | <=3.0.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of GHSA-847x-x4jg-6gf4?
The severity of GHSA-847x-x4jg-6gf4 has not been explicitly categorized, but its potential for Host header injection poses a significant security risk.
How do I fix GHSA-847x-x4jg-6gf4?
To fix GHSA-847x-x4jg-6gf4, upgrade Croogo to a version above 3.0.2 where the vulnerability is addressed.
What types of systems are affected by GHSA-847x-x4jg-6gf4?
GHSA-847x-x4jg-6gf4 affects systems running Croogo version 3.0.2 or earlier.
What kind of attacks can occur due to GHSA-847x-x4jg-6gf4?
GHSA-847x-x4jg-6gf4 allows attackers to perform Host header injection, which can lead to various security exploits.
Is there a known exploit for GHSA-847x-x4jg-6gf4?
While specific exploits may not be publicly documented, the nature of Host header injection suggests that it can be easily abused by attackers.
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-847x-x4jg-6gf4
- alias/CVE-2024-29643
- agent/software-canonical-lookup
- agent/weakness
- agent/source
- agent/references
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- agent/type
- agent/description
- agent/first-publish-date
- agent/event
- package-manager/composer