CVE-2024-25294

2024-03-2000:00:00

mitre

www.cve.org

ssrf

rebuild v.3.5

sensitive information

arbitrary code

remote attacker

7.4 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.6%

JSON

An SSRF issue in REBUILD v.3.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the FileDownloader.java, proxyDownload,URL parameters.

References

rebuild.com

deeply-capri-1c8.notion.site/REBUILD-V3-5-2023-12-11-SSRF-30324be04e00477eae472bf75f4f5e0d

github.com/getrebuild/rebuild/