OSV:GHSA-FWHC-MM9Q-MQQ8
May 22, 2024 - 9:30 p.m.

VuFind Server-Side Request Forgery (SSRF) vulnerability

2024-05-22 21:30:34
Google
osv.dev

AI Score: 6.3 Medium (Confidence: High)

EPSS: 0 Low (Percentile: 0.0%)

A Server-Side Request Forgery (SSRF) vulnerability in the /Cover/Show route (showAction in CoverController.php) in Open Library Foundation VuFind 2.4 through 9.1 before 9.1.1 allows remote attackers to access internal HTTP servers and perform Cross-Site Scripting (XSS) attacks by proxying arbitrary URLs via the proxy GET parameter.
