CVE-2021-36202
Server-Side Request Forgery (SSRF) vulnerability in Johnson Controls Metasys could allow an authenticated attacker to inject malicious code into the MUI PDF export feature. This issue affects: Johnson Controls Metasys All 10 versions prior to 10.1.5; All 11 versions prior to 11.0....
CVE-2022-22339
IBM Planning Analytics 2.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 219736...
UBUNTU-CVE-2022-1188
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.1 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 where a blind SSRF attack through the repository mirroring feature was possible...
PT-2022-13174 · GitLab · GitLab CE/EE +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 7.9 and later. Description: A DNS rebinding issue in the Irker IRC Gateway integration allows an attacker to trigger Server-Side Request Forgery (SSRF) attacks. Recommendations: For GitLab CE/EE versions 7.9 and later, at t...
CVE-2022-1191
SSRF on index.php/cobrowse/proxycss/ in GitHub repository livehelperchat/livehelperchat prior to 3.96...
PT-2022-13704 · Unknown · Livehelperchat
Name of the Vulnerable Software and Affected Versions: livehelperchat/livehelperchat versions prior to 3.96. Description: The issue is related to a Server-Side Request Forgery (SSRF) in the index.php/cobrowse/proxycss/ endpoint of the livehelperchat/livehelperchat GitHub repository. This allows for...
CVE-2022-27907
Sonatype Nexus Repository Manager 3.x before 3.38.0 allows SSRF...
Jenkins Flaky Test Handler Plugin Code Issue Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is an application. Jenkins Flaky Test Handler Plugin 1.2.1...
CVE-2022-0136
A vulnerability was discovered in GitLab versions 10.5 to 14.5.4, 14.6 to 14.6.4, and 14.7 to 14.7.1. GitLab was vulnerable to a blind SSRF attack through the Project Import feature...
CVE-2022-0249
A vulnerability was discovered in GitLab starting with version 12. GitLab was vulnerable to a blind SSRF attack since requests to shared address space were not blocked...
UBUNTU-CVE-2022-0136
A vulnerability was discovered in GitLab versions 10.5 to 14.5.4, 14.6 to 14.6.4, and 14.7 to 14.7.1. GitLab was vulnerable to a blind SSRF attack through the Project Import feature...
Alibaba Sentinel Code Issue Vulnerability
Alibaba Sentinel is a highly available open source flow control protection component for cloud-native microservices from Alibaba, China. A security vulnerability exists in Alibaba Sentinel version 1.8.2. An attacker can exploit this vulnerability to conduct server-side request forgery attacks...
GHSA-GW4J-4229-Q4PX Server-Side Request Forgery in Apache Dubbo
In Apache Dubbo prior to 2.6.9 and 2.7.10, the usage of parseURL method will lead to the bypass of white host check which can cause open redirect or SSRF vulnerability...
CVE-2021-46107
Ligeo Archives Ligeo Basics as of 0201-2022 is vulnerable to Server Side Request Forgery (SSRF) which allows an attacker to read any documents via the download features...
CVE-2021-39051
IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerable to server-side request forgery, caused by improper input of application server registration function. A remote attacker could exploit this vulnerability using the host address and port fields of the application server...
AllTube Download Code Issue Vulnerability
AllTube Download is a Youtube-dl Web Gui by Pierre Rudloff, an individual developer. AllTube Download suffers from a code issue vulnerability that stems from the fact that cross-site request forgery attacks can only occur on the HTML frontend of youtube-dl when Alltube has the "stream" option...
CVE-2022-0528
Server-Side Request Forgery (SSRF) in GitHub repository transloadit/uppy prior to 3.3.1...
CVE-2022-0768
Server-Side Request Forgery (SSRF) in GitHub repository rudloff/alltube prior to 3.0.2...
CVE-2022-25260
JetBrains Hub before 2021.1.14276 was vulnerable to blind Server-Side Request Forgery (SSRF)...
CVE-2022-24333
In JetBrains TeamCity before 2021.2, blind SSRF via an XML-RPC call was possible...