The vulnerability of the /v1/avatars/favicon component of the backend platform for developing mobile and web applications allows an attacker to perform an SSRF attack.
The vulnerability of the /v1/avatars/favicon component in the backend platform for developing mobile and web applications relates to insufficient validation of incoming requests. Exploiting this vulnerability allows a malicious actor to execute an SSRF attack using a specially crafted GET request...
PT-2023-29919 · Apache · Apache
Name of the Vulnerable Software and Affected Versions: FOG versions prior to 1.5.10 Description: A server-side request forgery (SSRF) vulnerability allowed an unauthenticated user to trigger a GET request as the server to an arbitrary endpoint and URL scheme. This also allows remote access to files...
CVE-2023-46502
An issue in openCRX v.5.2.2 allows a remote attacker to read internal files and execute server side request forgery attack via insecure DocumentBuilderFactory...
GeoServer Code Issue Vulnerability
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. GeoServer suffers from a server-side request forgery vulnerability that stems from the fact that the OGC Web Processing Service WPS specification is designed to process information from an...
PT-2023-29857 · Fides · Fides
Name of the Vulnerable Software and Affected Versions: Fides versions prior to 2.22.1 Description: The Fides web application is vulnerable to a Server-Side Request Forgery SSRF attack. This occurs when a malicious user uploads a specially crafted YAML dataset and config file as a ZIP file, allowi...
PT-2023-29777 · Umputun · Remark42
Name of the Vulnerable Software and Affected Versions: umputun remark42 versions 1.12.1 and before Description: The issue is related to a Blind Server-Side Request Forgery SSRF vulnerability. No information is provided about the estimated number of potentially affected devices worldwide or...
PT-2023-24019
Name of the Vulnerable Software and Affected Versions: Langchain versions 0.0.0 through 0.0.155; Langchain versions prior to 0.0.329 Description: The issue allows an attacker to force the service to retrieve data from an arbitrary URL, essentially providing Server-Side Request Forgery SSRF and...
Fortinet FortiAnalyzer Code Issue Vulnerability
Fortinet FortiAnalyzer is a set of centralized network security reporting solutions from the U.S. company Fortinet. The product is primarily used to collect network log data and analyze, report, and archive security events, network traffic, and Web content in the logs through the Reporting...
CVE-2023-46229
LangChain before 0.0.317 allows SSRF via documentloaders/recursiveurlloader.py because crawling can proceed from an external server to an internal server...
PYSEC-2023-205
LangChain before 0.0.317 allows SSRF via documentloaders/recursiveurlloader.py because crawling can proceed from an external server to an internal server...
PT-2023-28155 · Unknown · Home Assistant
Name of the Vulnerable Software and Affected Versions: Home assistant versions prior to 2023.9.0 Description: The issue concerns a partial Server-Side Request Forgery vulnerability in the hassio.addon stdin service, where an attacker capable of calling this service may be able to invoke any...
Apache ShenYu Code Issue Vulnerability
Apache ShenYu is an asynchronous, high-performance, cross-language, responsive API gateway of the U.S. Apache Foundation. A server-side request forgery vulnerability exists in Apache ShenYu version 2.5.1, which stems from a failure of the sandbox/proxyGateway endpoint to...
PT-2023-29915
Name of the Vulnerable Software and Affected Versions: LangChain versions prior to 0.0.317 Description: The issue allows Server-Side Request Forgery SSRF via the documentloaders/recursiveurlloader.py module. This occurs because crawling can proceed from an external server to an internal server...
The vulnerability of the software platforms for developing and managing Magento Open Source and Adobe Commerce stores relates to insufficient verification of incoming requests. This allows attackers to carry out SSRF attacks.
The vulnerability of the software platforms for developing and managing Magento Open Source and Adobe Commerce stores is related to insufficient verification of incoming requests. Exploiting this vulnerability allows a malicious actor to execute an SSRF attack by sending a specially crafted HTTP...
Engelsystem Code Issue Vulnerability
Engelsystem is an open source shift scheduling system from Engelsystem. Engelsystem has a code issue vulnerability that stems from a Server-Side Request Forgery (SSRF) vulnerability in the Import schedule feature...
vrite Code Issues Vulnerabilities
vrite is an open source collaborative space for creating, managing and deploying product documentation, technical blogs and knowledge bases from vrite, Inc. A code issue vulnerability exists in vrite versions prior to 0.3.0 that stems from the presence of a Server-Side Request Forgery (SSRF) vulnerabili...
The vulnerability of the application programming interface of the Discourse-jira plugin for the Discourse mailing list management software allows an attacker to execute an SSRF attack.
The vulnerability of the application programming interface of the Discourse-jira plugin for the Discourse mailing list management software is related to the implementation of an incorrect control flow. Exploiting this vulnerability allows a malicious actor to perform an SSRF attack remotely...
GHSA-86Q5-QCJC-7PV4 Presto JDBC Server-Side Request Forgery by nextUri
Summary Presto JDBC is vulnerable to Server-Side Request Forgery SSRF when connecting to a remote Presto server. An attacker can modify the nextUri parameter in the response content to point to an internal server, which the Presto JDBC client will request next, and view sensitive information from highly sensitive internal...
GHSA-XM7X-F3W2-4HJM Presto JDBC Server-Side Request Forgery by redirect
Summary Presto JDBC is vulnerable to Server-Side Request Forgery SSRF when connecting to a remote Presto server. An attacker can construct a redirect response that the Presto JDBC client will follow and view sensitive information from highly sensitive internal servers or perform a local port scan. Detai...