GHSA-99r5-84gr-59f6
First published: Fri Feb 21 2025(Updated: )
### Summary A host header injection vulnerability has been identified in the user details viewing functionality of the system. This vulnerability allows an attacker to manipulate the host header in HTTP requests, thereby gaining unauthorized access to view details of other users.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| composer/leantime/leantime | <3.1.2 | 3.1.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of GHSA-99r5-84gr-59f6?
The severity of GHSA-99r5-84gr-59f6 is considered high due to the potential for unauthorized access to sensitive user details.
How do I fix GHSA-99r5-84gr-59f6?
To fix GHSA-99r5-84gr-59f6, upgrade to version 3.1.2 or higher of the leantime/leantime package.
What is the impact of GHSA-99r5-84gr-59f6?
The impact of GHSA-99r5-84gr-59f6 allows attackers to manipulate the host header, potentially gaining unauthorized access to view other users' information.
Which versions are affected by GHSA-99r5-84gr-59f6?
Versions up to but not including 3.1.2 of the leantime/leantime package are affected by GHSA-99r5-84gr-59f6.
Who is vulnerable to GHSA-99r5-84gr-59f6?
Any user utilizing affected versions of the leantime/leantime package is vulnerable to GHSA-99r5-84gr-59f6.
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-99r5-84gr-59f6
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/references
- agent/source
- agent/first-publish-date
- agent/softwarecombine
- agent/type
- agent/description
- agent/event
- agent/tags
- package-manager/composer