Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:GHSA-CQH9-JFQR-H9JJ
HistoryMay 16, 2024 - 9:33 a.m.

Weights and Biases (wandb) has a Server-Side Request Forgery (SSRF) vulnerability

2024-05-1609:33:09
Google
osv.dev
5
ssrf
weights and biases
vulnerability
http 302
webhooks
server-side
remote code execution
aws

7.8 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

A Server-Side Request Forgery (SSRF) vulnerability exists in the wandb/wandb repository due to improper handling of HTTP 302 redirects. This issue allows team members with access to the ‘User settings -> Webhooks’ function to exploit this vulnerability to access internal HTTP(s) servers. In severe cases, such as on AWS instances, this could potentially be abused to achieve remote code execution on the victim’s machine. The vulnerability is present in the latest version of the repository.

Related

cvelist 1
cve 1
nvd 1
github 1
cvelist
cvelist
CVE-2024-4642
2024-05-16 09:03:48
cve
cve
CVE-2024-4642
2024-05-16 09:15:17
nvd
nvd
CVE-2024-4642
2024-05-16 09:15:17
github
github
Withdrawn Advisory: Weights and Biases (wandb) has a Server-Side Request Forgery (SSRF) vulnerability
2024-05-16 09:33:09

7.8 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON
Related for OSV:GHSA-CQH9-JFQR-H9JJ
cvelist1cve1nvd1github1