CVE-2021-31779: Server-Side Request Forgery in yoast_seo
6.4
CVSS Score
3.1
Basic Information
CVE ID
GHSA ID
EPSS Score
0.3596%
CWE
Published
5/21/2021
Updated
2/1/2023
KEV Status
No
Technology
PHP
Technical Details
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
yoast-seo-for-typo3/yoast_seo | composer | < 7.2.1 | 7.2.1 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability description indicates improper URL validation in SEO analysis features. SSRF typically occurs when user-controlled URLs are fetched without proper restrictions. The extension's URL analysis functionality would logically involve a URL fetching method, and the patch (7.2.1) likely added domain validation here. The TYPO3 advisory specifically mentions the failure to restrict analyzed URLs to managed domains, strongly suggesting the URL fetching function was vulnerable.