Description
Contao is an open source content management system. Starting in version 4.9.0 and prior to versions 4.13.40 and 5.3.4, when checking for broken links on protected pages, Contao sends the cookie header to external urls as well, the passed options for the http client are used for all requests. Contao versions 4.13.40 and 5.3.4 have a patch for this issue. As a workaround, disable crawling protected pages.
Remediation
References
Related Vulnerabilities
Apache HTTP Server Improper Input Validation Vulnerability (CVE-2011-3639)
WordPress Plugin Disqus Comment System Cross-Site Scripting (2.68)
Drupal Improper Access Control Vulnerability (CVE-2020-13677)
WordPress Plugin WP Ultimate Exporter SQL Injection (1.1)
WordPress Plugin YARPP-Yet Another Related Posts Local File Inclusion (5.30.3)