GHSA-99r5-84gr-59f6: Leantime has Host Header Injection Vulnerability

February 21, 2025

A host header injection vulnerability has been identified in the user details viewing functionality of the system. This vulnerability allows an attacker to manipulate the host header in HTTP requests, thereby gaining unauthorized access to view details of other users.

References

github.com/Leantime/leantime
github.com/Leantime/leantime/security/advisories/GHSA-99r5-84gr-59f6
github.com/advisories/GHSA-99r5-84gr-59f6

Detect and mitigate GHSA-99r5-84gr-59f6 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →