CVE-2022-23799: Variable Tampering within joomla/input class
An issue was discovered in Joomla! 4.0.0 through 4.1.0. Under specific circumstances, JInput pollutes method-specific input bags with $_REQUEST data.
References
- developer.joomla.org/security-centre/876-20220307-core-variable-tampering-on-jinput-request-data.html
- github.com/FriendsOfPHP/security-advisories/blob/master/joomla/input/CVE-2022-23799.yaml
- github.com/advisories/GHSA-49fj-qp6p-q544
- github.com/joomla-framework/input
- github.com/joomla-framework/input/commit/2086df5860a2edccd77c329ee7cbd118cfe93514
- github.com/joomla/joomla-cms/issues/35541
- nvd.nist.gov/vuln/detail/CVE-2022-23799