[nystudio107/craft-seomatic] Server-side Template Injection in nystudio107/craft-seomatic

A Server-side Template Injection (SSTI) vulnerability exists in Nystudio107 Seomatic prior to 3.4.12 in src/helpers/UrlHelper.php via the host header.

References

• https://nvd.nist.gov/vuln/detail/CVE-2021-44618
• https://github.com/nystudio107/craft-seomatic/commit/0c5c0c0e0cb61000d12ec55ebf174745a5bf6469
• https://github.com/nystudio107/craft-seomatic/releases/tag/3.4.12
• https://github.com/advisories/GHSA-m3xv-x3ph-mq22