Apache Fineract code issue vulnerability
Apache Fineract is an open source platform for core banking systems: a reliable, robust and affordable financial services solution for entrepreneurs, financial institutions and service providers. A server-side request forgery vulnerability exists in Apache Fineract versions 1.4 throug...
PT-2023-20005 · Stimulsoft · Stimulsoft Reporting Designer +1
Name of the Vulnerable Software and Affected Versions: Stimulsoft Designer Web version 2023.1.3 Description: The issue allows an attacker to perform Server Side Request Forgery (SSRF) attacks. The Reporting Designer Web can embed sources from external locations, and when a user chooses such a...
USN-5973-1 node-url-parse vulnerabilities
It was discovered that url-parse incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service, or to perform a server-side request forgery attack or open...
CVE-2023-1634
A vulnerability was found in OTCMS 6.72. It has been classified as critical. Affected is the function UseCurl of the file /admin/infodeal.php of the component URL Parameter Handler. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit ha...
OTCMS code issue vulnerability
OTCMS (Nettie CMS) is a content management system (CMS) for article-based websites. A security vulnerability exists in OTCMS version 6.72. An attacker could exploit this vulnerability to perform server-side request forgery attacks...
PT-2023-21902 · Jenkins · Jenkins Phabricator Differential Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Phabricator Differential Plugin versions 2.1.5 and earlier Description: The issue is related to the configuration of the XML parser, which does not prevent XML external entity (XXE) attacks. This allows attackers who can control coverag...
DEBIAN-CVE-2023-27586
CairoSVG is an SVG converter based on Cairo, a 2D graphics library. Prior to version 2.7.0, Cairo can send requests to external hosts when processing SVG files. A malicious actor could send a specially crafted SVG file that allows them to perform a server-side request forgery or denial of service...
UBUNTU-CVE-2023-27586
CairoSVG is an SVG converter based on Cairo, a 2D graphics library. Prior to version 2.7.0, Cairo can send requests to external hosts when processing SVG files. A malicious actor could send a specially crafted SVG file that allows them to perform a server-side request forgery or denial of service...
The vulnerability of the NetAct network management system lies in the improper limitation of XML links to external objects. This allows attackers to gain unauthorized access to protected information or perform SSRF attacks.
The vulnerability of the NetAct network management system is related to incorrect restrictions on XML links to external objects. Exploiting this vulnerability can allow a malicious actor to gain unauthorized access to protected information or perform an SSRF attack...
Kozea CairoSVG code issue vulnerability
Kozea CairoSVG is Python-based software from the Kozea community that converts SVG files to PDF, EPS, PS and PNG files. A code issue vulnerability exists in Kozea CairoSVG versions prior to 2.7.0, which stems from the fact that Cairo can send requests to an external host when processing SVG...
PT-2023-21570 · Discourse · Discourse
Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 3.1.0.beta3 Description: The issue allows attackers to bypass Discourse's server-side request forgery (SSRF) protection for private IPv4 addresses by using an IPv4-mapped IPv6 address. Recommendations: For versions...
CVE-2023-28155
The Request package through 2.88.1 for Node.js allows a bypass of SSRF mitigations via an attacker-controlled server that does a cross-protocol redirect (HTTP to HTTPS, or HTTPS to HTTP). NOTE: This vulnerability only affects products that are no longer supported by the maintainer...
DEBIAN-CVE-2023-28155
The Request package through 2.88.1 for Node.js allows a bypass of SSRF mitigations via an attacker-controlled server that does a cross-protocol redirect (HTTP to HTTPS, or HTTPS to HTTP). NOTE: This vulnerability only affects products that are no longer supported by the maintainer...
AZL-43444 CVE-2023-28155 affecting package js-jquery 3.5.0-4
The Request package through 2.88.1 for Node.js allows a bypass of SSRF mitigations via an attacker-controlled server that does a cross-protocol redirect (HTTP to HTTPS, or HTTPS to HTTP). NOTE: This vulnerability only affects products that are no longer supported by the maintainer...
AZL-25664 CVE-2023-28155 affecting package reaper for versions less than 3.1.1-5
The Request package through 2.88.1 for Node.js allows a bypass of SSRF mitigations via an attacker-controlled server that does a cross-protocol redirect (HTTP to HTTPS, or HTTPS to HTTP). NOTE: This vulnerability only affects products that are no longer supported by the maintainer...
Node.js request code issue vulnerability
Node.js is an open source, cross-platform JavaScript runtime environment. A security vulnerability exists in the request package for Node.js, version 2.88.1 and earlier. An attacker can exploit the vulnerability to bypass server-side request forgery checks...
Jellyfin code issue vulnerability
Jellyfin is a free software media system. Jellyfin suffers from an SSRF vulnerability that can be exploited by an attacker to access web resources and sensitive information via a crafted POST request...
CVE-2023-25230
A Server-Side Request Forgery (SSRF) in loonflow r2.0.14 allows attackers to force the application to make arbitrary requests via manipulation of the hookurl parameter...
loonflow code issue vulnerability
loonflow is a Django-based workflow engine by the individual developer blackholll. A code issue vulnerability exists in loonflow version r2.0.14. An attacker could exploit this vulnerability to conduct server-side request forgery (SSRF) attacks...