CVE-2018-6889

Name of the Vulnerable Software and Affected Versions Typesetter version 5.1

Description An issue was discovered in Typesetter, which suffers from a Host header injection vulnerability. This allows a malicious user to poison the web cache, perform advanced password reset attacks, or trigger arbitrary user re-direction.

Recommendations For version 5.1, consider restricting access to sensitive features until a patch is available. As a temporary workaround, review and limit the use of the Host header to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.