CVE-2022-37724: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

September 15, 2022 (updated September 16, 2022)

Project Wonder WebObjects 1.0 through 5.4.3 is vulnerable to Arbitrary HTTP Header injection and URL- or Header-based XSS reflection in all web-server adaptor interfaces.

References

github.com/advisories/GHSA-xv7r-9vq4-9wrq
github.com/wocommunity/wonder/commit/b0d2d74f13203268ea254b02552600850f28014b
github.com/wocommunity/wonder/pull/992
nvd.nist.gov/vuln/detail/CVE-2022-37724
xmit.xyz/security/webobjects-url-tomfoolery/

Detect and mitigate CVE-2022-37724 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →