CVE-2021-44618

Name of the Vulnerable Software and Affected Versions Nystudio107 Seomatic versions prior to 3.4.12

Description A Server-side Template Injection (SSTI) vulnerability exists in the src/helpers/UrlHelper.php file via the host header.

Recommendations For versions prior to 3.4.12, update to version 3.4.12 or later to resolve the issue. As a temporary workaround, consider restricting access to the UrlHelper.php file until a patch is available. Avoid using the host header in the affected API endpoint until the issue is resolved.