Lucene search
Redhat.comRH:CVE-2020-1925HistoryJan 13, 2020 - 6:09 a.m.
CVE-2020-1925
2020-01-1306:09:00
redhat.com
access.redhat.com
9
0.001 Low
EPSS
Percentile
41.1%
Apache Olingo versions 4.0.0 to 4.7.0 provide the AsyncRequestWrapperImpl class which reads a URL from the Location header, and then sends a GET or DELETE request to this URL. It may allow to implement a SSRF attack. If an attacker tricks a client to connect to a malicious server, the server can make the client call any URL including internal resources which are not directly accessible by the attacker.
Related
osv
osv
Server-Side Request Forgery (SSRF) in Apache Olingo
2020-02-04 22:38:38
CVE-2020-1925
2020-01-09 19:15:10
cvelist
cvelist
CVE-2020-1925
2020-01-09 18:41:08
nvd
nvd
CVE-2020-1925
2020-01-09 19:15:10
symantec
symantec
veracode
veracode
Server-Side Request Forgery
2020-01-14 02:42:14
prion
prion
Server side request forgery (ssrf)
2020-01-09 19:15:00
github
github
Server-Side Request Forgery (SSRF) in Apache Olingo
2020-02-04 22:38:38
cve
cve
CVE-2020-1925
2020-01-09 19:15:10
redhat
redhat
(RHSA-2021:3140) Moderate: Red Hat Fuse 7.9.0 release and security update
2021-08-11 18:18:10