Lucene search

GoogleOSV:GO-2024-2495

HistoryJun 28, 2024 - 3:28 p.m.

Apache ServiceComb Service-Center Server-Side Request Forgery vulnerability in github.com/apache/servicecomb-service-center

2024-06-2815:28:53

Google

osv.dev

apache servicecomb

service-center

ssrf

vulnerability

github

CVSS3

7.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L

EPSS

0.001

Percentile

38.5%

JSON

Apache ServiceComb Service-Center Server-Side Request Forgery vulnerability in github.com/apache/servicecomb-service-center.

NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.

(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)

The additional affected modules and versions are: github.com/apache/servicecomb-service-center before v2.2.0.

References

www.openwall.com/lists/oss-security/2024/01/31/4

github.com/advisories/GHSA-9xc9-xq7w-vpcr

lists.apache.org/thread/kxovd455o9h4f2v811hcov2qknbwld5r

nvd.nist.gov/vuln/detail/CVE-2023-44313