Lucene search
GoogleOSV:CVE-2020-1925HistoryJan 09, 2020 - 7:15 p.m.
CVE-2020-1925
2020-01-0919:15:10
Google
osv.dev
2
Apache Olingo versions 4.0.0 to 4.7.0 provide the AsyncRequestWrapperImpl class which reads a URL from the Location header, and then sends a GET or DELETE request to this URL. It may allow to implement a SSRF attack. If an attacker tricks a client to connect to a malicious server, the server can make the client call any URL including internal resources which are not directly accessible by the attacker.
Related
osv
osv
Server-Side Request Forgery (SSRF) in Apache Olingo
2020-02-04 22:38:38
cvelist
cvelist
CVE-2020-1925
2020-01-09 18:41:08
nvd
nvd
CVE-2020-1925
2020-01-09 19:15:10
symantec
symantec
prion
prion
Server side request forgery (ssrf)
2020-01-09 19:15:00
github
github
Server-Side Request Forgery (SSRF) in Apache Olingo
2020-02-04 22:38:38
redhatcve
redhatcve
CVE-2020-1925
2020-01-13 06:09:00
veracode
veracode
Server-Side Request Forgery
2020-01-14 02:42:14
cve
cve
CVE-2020-1925
2020-01-09 19:15:10
redhat
redhat
(RHSA-2021:3140) Moderate: Red Hat Fuse 7.9.0 release and security update
2021-08-11 18:18:10