CVE-2024-35172

2024-05-1415:39:42

CWE-918

[email protected]

web.nvd.nist.gov

cve-2024-35172

server-side request forgery

shortpixel adaptive images

nvd

vulnerability

4.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

6.8 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.2%

JSON

Server-Side Request Forgery (SSRF) vulnerability in ShortPixel ShortPixel Adaptive Images.This issue affects ShortPixel Adaptive Images: from n/a through 3.8.3.

Affected configurations

Vulners

Node

shortpixelshortpixel_adaptive_imagesRange≤3.8.3

VendorProductVersionCPE
shortpixelshortpixel_adaptive_images*cpe:2.3:a:shortpixel:shortpixel_adaptive_images:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
shortpixel	shortpixel_adaptive_images	*	cpe:2.3:a:shortpixel:shortpixel_adaptive_images::::::::

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "shortpixel-adaptive-images",
    "product": "ShortPixel Adaptive Images",
    "vendor": "ShortPixel",
    "versions": [
      {
        "changes": [
          {
            "at": "3.8.4",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "3.8.3",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/shortpixel-adaptive-images/wordpress-shortpixel-adaptive-images-plugin-3-8-3-server-side-request-forgery-ssrf-vulnerability?_s_id=cve