
Commit 12ddd68

1 parent 5ef4960 commit 12ddd68

2 files changed

Lines changed: 40 additions & 10 deletions


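--- a/advisories/unreviewed/2026/01/GHSA-h66j-xm43-47pp/GHSA-h66j-xm43-47pp.json
+++ b/advisories/github-reviewed/2026/01/GHSA-h66j-xm43-47pp/GHSA-h66j-xm43-47pp.json
@@ -1,11 +1,12 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-h66j-xm43-47pp",
-"modified": "2026-01-15T18:31:32Z",
+"modified": "2026-01-15T22:39:22Z",
 "published": "2026-01-15T18:31:32Z",
 "aliases": [
 "CVE-2021-47776"
 ],
+"summary": "Umbraco CMS contains a server-side request forgery vulnerability",
 "details": "Umbraco CMS v8.14.1 contains a server-side request forgery vulnerability that allows attackers to manipulate baseUrl parameters in multiple dashboard and help controller endpoints. Attackers can craft malicious requests to the GetContextHelpForPage, GetRemoteDashboardContent, and GetRemoteDashboardCss endpoints to trigger unauthorized server-side requests to external hosts.",
 "severity": [
 {
@@ -14,15 +15,29 @@
 },
 {
 "type": "CVSS_V4",
-"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L"
+}
+],
+"affected": [
+{
+"package": {
+"ecosystem": "NuGet",
+"name": "UmbracoCms"
+},
+"versions": [
+"8.14.1"
+]
 }
 ],
-"affected": [],
 "references": [
 {
 "type": "ADVISORY",
 "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47776"
 },
+{
+"type": "PACKAGE",
+"url": "https://github.com/umbraco/Umbraco-CMS"
+},
 {
 "type": "WEB",
 "url": "https://our.umbraco.com"
@@ -41,8 +56,8 @@
 "CWE-918"
 ],
 "severity": "MODERATE",
-"github_reviewed": false,
-"github_reviewed_at": null,
+"github_reviewed": true,
+"github_reviewed_at": "2026-01-15T22:39:22Z",
 "nvd_published_at": "2026-01-15T16:16:09Z"
 }
 }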
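Review bot: The added `affected` entry for `UmbracoCms` lists only the exact version `8.14.1`, with no `ranges` block and no fixed version, so scanners that match on this record will flag that one release and cannot tell users which upgrade removes the SSRF. The details text also names 8.14.1, so this may simply mirror the CVE description; whether neighbouring releases handle `baseUrl` the same way should be confirmed with upstream before the record is treated as complete. If the range turns out to be wider, express it as `"ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "<FIRST_AFFECTED>"}, {"fixed": "<FIXED_VERSION>"}]}]` (placeholders, not confirmed values). The same single-version pattern appears in the `affected` block of GHSA-hm9j-cgmm-2w36.json.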

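--- a/advisories/unreviewed/2026/01/GHSA-hm9j-cgmm-2w36/GHSA-hm9j-cgmm-2w36.json
+++ b/advisories/github-reviewed/2026/01/GHSA-hm9j-cgmm-2w36/GHSA-hm9j-cgmm-2w36.json
@@ -1,11 +1,12 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-hm9j-cgmm-2w36",
-"modified": "2026-01-15T18:31:30Z",
+"modified": "2026-01-15T22:38:52Z",
 "published": "2026-01-15T18:31:30Z",
 "aliases": [
 "CVE-2021-47763"
 ],
+"summary": "Aimeos contains a SQL injection vulnerability in the json api 'sort' parameter",
 "details": "Aimeos 2021.10 LTS contains a SQL injection vulnerability in the json api 'sort' parameter that allows attackers to inject malicious database queries. Attackers can manipulate the sort parameter to reveal table and column names by sending crafted GET requests to the jsonapi/review endpoint.",
 "severity": [
 {
@@ -14,10 +15,20 @@
 },
 {
 "type": "CVSS_V4",
-"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N"
+}
+],
+"affected": [
+{
+"package": {
+"ecosystem": "Packagist",
+"name": "aimeos/aimeos-laravel"
+},
+"versions": [
+"2021.10"
+]
 }
 ],
-"affected": [],
 "references": [
 {
 "type": "ADVISORY",
@@ -31,6 +42,10 @@
 "type": "WEB",
 "url": "https://aimeos.org/laravel-ecommerce-package"
 },
+{
+"type": "PACKAGE",
+"url": "https://github.com/aimeos/aimeos-laravel"
+},
 {
 "type": "WEB",
 "url": "https://www.exploit-db.com/exploits/50538"
@@ -41,8 +56,8 @@
 "CWE-89"
 ],
 "severity": "HIGH",
-"github_reviewed": false,
-"github_reviewed_at": null,
+"github_reviewed": true,
+"github_reviewed_at": "2026-01-15T22:38:52Z",
 "nvd_published_at": "2026-01-15T16:16:07Z"
 }
 }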
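Review bot: The `versions` value `2021.10` in the added `affected` block reads like the LTS release-line label from the details text rather than a concrete Packagist release, so a consumer doing exact version matching may find no installed version equal to it and report nothing. Check the published tags of `aimeos/aimeos-laravel` and either list the concrete releases or use a range such as `"events": [{"introduced": "<FIRST_2021.10_RELEASE>"}, {"fixed": "<FIXED_VERSION>"}]` (placeholders, not confirmed values). It is also worth confirming that the jsonapi `sort` handling ships in this package and not in a dependency it pulls in, because the `affected` entry decides which lockfiles get alerted.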
