{"id":"CVE-2021-44618","details":"A Server-side Template Injection (SSTI) vulnerability exists in Nystudio107 Seomatic 3.4.12 in src/helpers/UrlHelper.php via the host header.","aliases":["GHSA-m3xv-x3ph-mq22"],"modified":"2026-02-22T08:28:58.214771Z","published":"2022-03-11T16:15:07.523Z","references":[{"type":"ADVISORY","url":"https://github.com/nystudio107/craft-seomatic/commit/0c5c0c0e0cb61000d12ec55ebf174745a5bf6469"},{"type":"ADVISORY","url":"https://github.com/nystudio107/craft-seomatic/releases/tag/3.4.12"},{"type":"FIX","url":"https://github.com/nystudio107/craft-seomatic/commit/0c5c0c0e0cb61000d12ec55ebf174745a5bf6469"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/nystudio107/craft-seomatic","events":[{"introduced":"0"},{"fixed":"0c5c0c0e0cb61000d12ec55ebf174745a5bf6469"},{"introduced":"0"},{"fixed":"9ad5d83ca24fe6f9bd1c4b34c3d60fe38a8dc132"}]}],"versions":["3.0.0","3.0.0-beta.1","3.0.0-beta.10","3.0.0-beta.11","3.0.0-beta.12","3.0.0-beta.13","3.0.0-beta.14","3.0.0-beta.15","3.0.0-beta.16","3.0.0-beta.17","3.0.0-beta.18","3.0.0-beta.19","3.0.0-beta.2","3.0.0-beta.20","3.0.0-beta.21","3.0.0-beta.22","3.0.0-beta.23","3.0.0-beta.24","3.0.0-beta.3","3.0.0-beta.4","3.0.0-beta.5","3.0.0-beta.6","3.0.0-beta.7","3.0.0-beta.8","3.0.0-beta.9","3.0.1","3.0.10","3.0.11","3.0.12","3.0.13","3.0.14","3.0.15","3.0.16","3.0.17","3.0.18","3.0.2","3.0.20","3.0.22","3.0.23","3.0.24","3.0.25","3.0.3","3.0.4","3.0.5","3.0.6","3.0.7","3.0.8","3.0.9","3.1.0","3.1.1","3.1.10","3.1.11","3.1.12","3.1.13","3.1.13.1","3.1.14","3.1.16","3.1.17","3.1.18","3.1.18.1","3.1.19","3.1.2","3.1.20","3.1.21","3.1.22","3.1.23","3.1.24","3.1.25","3.1.26","3.1.27","3.1.28","3.1.29","3.1.3","3.1.30","3.1.31","3.1.32","3.1.33","3.1.34","3.1.35","3.1.36","3.1.37","3.1.38","3.1.39","3.1.4","3.1.40","3.1.41","3.1.42","3.1.43","3.1.44","3.1.45","3.1.46","3.1.47","3.1.48","3.1.49","3.1.5","3.1.50","3.1.6","3.1.7","3.1.8","3.1.9","3.2.0","3.2.1","3.2.10","3.2.11","3.2.12","3.2.13","3.2.14","3.2.15","3.2.16","3.2.17","3.2.18","3.2.19","3.2.2","3.2.20","3.2.21","3.2.22","3.2.23","3.2.24","3.2.25","3.2.26","3.2.27","3.2.28","3.2.29","3.2.3","3.2.30","3.2.31","3.2.32","3.2.33","3.2.34","3.2.35","3.2.36","3.2.37","3.2.38","3.2.39","3.2.4","3.2.41","3.2.42","3.2.43","3.2.44","3.2.45","3.2.46","3.2.47","3.2.48","3.2.49","3.2.5","3.2.50","3.2.51","3.2.6","3.2.7","3.2.8","3.2.9","3.3.0","3.3.1","3.3.10","3.3.11","3.3.12","3.3.13","3.3.14","3.3.15","3.3.16","3.3.17","3.3.18","3.3.19","3.3.2","3.3.20","3.3.21","3.3.22","3.3.23","3.3.24","3.3.25","3.3.26","3.3.27","3.3.28","3.3.29","3.3.3","3.3.30","3.3.31","3.3.32","3.3.33","3.3.34","3.3.35","3.3.36","3.3.37","3.3.38","3.3.39","3.3.4","3.3.40","3.3.41","3.3.42","3.3.43","3.3.44","3.3.45","3.3.46","3.3.47","3.3.48","3.3.5","3.3.6","3.3.7","3.3.8","3.3.9","3.4.0","3.4.1","3.4.10","3.4.11","3.4.2","3.4.3","3.4.4","3.4.5","3.4.6","3.4.7","3.4.8","3.4.9"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-44618.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}