CVE-2019-17669

2019-10-1713:15:00

Debian Security Bug Tracker

security-tracker.debian.org

0.015 Low

EPSS

Percentile

87.1%

JSON

WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because URL validation does not consider the interpretation of a name as a series of hex characters.

OSVersionArchitecturePackageVersionFilename
Debian12allwordpress< 5.2.4+dfsg1-1wordpress_5.2.4+dfsg1-1_all.deb
Debian11allwordpress< 5.2.4+dfsg1-1wordpress_5.2.4+dfsg1-1_all.deb
Debian10allwordpress< 5.0.4+dfsg1-1+deb10u1wordpress_5.0.4+dfsg1-1+deb10u1_all.deb
Debian999allwordpress< 5.2.4+dfsg1-1wordpress_5.2.4+dfsg1-1_all.deb
Debian13allwordpress< 5.2.4+dfsg1-1wordpress_5.2.4+dfsg1-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	wordpress	< 5.2.4+dfsg1-1	wordpress_5.2.4+dfsg1-1_all.deb
Debian	11	all	wordpress	< 5.2.4+dfsg1-1	wordpress_5.2.4+dfsg1-1_all.deb
Debian	10	all	wordpress	< 5.0.4+dfsg1-1+deb10u1	wordpress_5.0.4+dfsg1-1+deb10u1_all.deb
Debian	999	all	wordpress	< 5.2.4+dfsg1-1	wordpress_5.2.4+dfsg1-1_all.deb
Debian	13	all	wordpress	< 5.2.4+dfsg1-1	wordpress_5.2.4+dfsg1-1_all.deb

0.015 Low

EPSS

Percentile

87.1%

JSON

Related for DEBIANCVE:CVE-2019-17669