GHSA-p8q6-qrgj-7gx2

Suggest an improvement
Source
https://github.com/advisories/GHSA-p8q6-qrgj-7gx2
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/12/GHSA-p8q6-qrgj-7gx2/GHSA-p8q6-qrgj-7gx2.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-p8q6-qrgj-7gx2
Aliases
Published
2023-12-08T06:30:37Z
Modified
2023-12-11T21:45:50.040825Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
Microweber allows a remote attacker to obtain sensitive information via the HTTP GET method
Details

An issue present in microweber v.2.0.1 and fixed in v.2.0.4 allows a remote attacker to obtain sensitive information via the HTTP GET method.

Database specific 
{
    "nvd_published_at": "2023-12-08T04:15:06Z",
    "cwe_ids": [
        "CWE-200"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2023-12-08T15:24:24Z"
}
References

Affected packages

Packagist / microweber/microweber

Package

Name
microweber/microweber
Purl
pkg:composer/microweber/microweber

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.0.1
Fixed
2.0.4

Affected versions

v2.*

v2.0.1
v2.0.3