GitHub Advisory Database: GHSA-FWHC-MM9Q-MQQ8
History: May 22, 2024 - 9:30 p.m.

VuFind Server-Side Request Forgery (SSRF) vulnerability

2024-05-22 21:30:34
CWE-918
GitHub Advisory Database
github.com
Tags: ssrf, vufind, open library foundation, cross-site scripting, remote attackers, http servers, proxying

AI Score: 6.5 Medium (Confidence: High)
EPSS: 0 Low (Percentile: 0.0%)

A Server-Side Request Forgery (SSRF) vulnerability in the /Cover/Show route (showAction in CoverController.php) in Open Library Foundation VuFind 2.4 through 9.1 before 9.1.1 allows remote attackers to access internal HTTP servers and perform Cross-Site Scripting (XSS) attacks by proxying arbitrary URLs via the proxy GET parameter.

Affected configurations

Vulners
Node: vufind, Range: 2.4
OR
Node: vufind, Range: <9.1.1

CPE Name         Operator   Version
vufind/vufind    ge         2.4
vufind/vufind    lt         9.1.1
