Moderate severityNVD Advisory· Published Sep 14, 2022· Updated Aug 3, 2024
CVE-2022-37724
CVE-2022-37724
Description
Project Wonder WebObjects 1.0 through 5.4.3 is vulnerable to Arbitrary HTTP Header injection and URL- or Header-based XSS reflection in all web-server adaptor interfaces.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
wonder:wonderMaven | >= 1.0, <= 7.3 | — |
Affected products
2- Project Wonder/WebObjectsdescription
Patches
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
6- github.com/advisories/GHSA-xv7r-9vq4-9wrqghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-37724ghsaADVISORY
- github.com/wocommunity/wonder/commit/b0d2d74f13203268ea254b02552600850f28014bghsaWEB
- github.com/wocommunity/wonder/pull/992ghsax_refsource_MISCWEB
- xmit.xyz/security/webobjects-url-tomfooleryghsaWEB
- xmit.xyz/security/webobjects-url-tomfoolery/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.