7213 matches found
JetBrains Hub code issue vulnerability
JetBrains Hub is a web-based application from JetBrains Czech Republic. JetBrains Hub has a server-side request forgery vulnerability that stems from the software's lack of validation for request forgery, which can be exploited by attackers to conduct server-side request forgery (SSRF) attacks...
BookWyrm code issue vulnerability
BookWyrm is a social reading platform. BookWyrm suffers from a code issue vulnerability that stems from the fact that the URL load cover feature is vulnerable to server-side request forgery attacks. An attacker can exploit the vulnerability to send unintended requests to the server via an affecte...
PT-2022-17147 · Jenkins · Jenkins Chef Sinatra Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Chef Sinatra Plugin versions 1.20 and earlier Description: A missing permission check in the plugin allows attackers with Overall/Read permission to have Jenkins send an HTTP request to an attacker-controlled URL and have it parse an...
CLSA-2022-1644869841 Fix of CVE: CVE-2021-34798, CVE-2021-39275, CVE-2021-36160, CVE-2021-44224
CVE-2021-44224: possible NULL dereference or SSRF in forward proxy configurations - CVE-2021-39275: out-of-bounds write in ap_escape_quotes via malicious input - CVE-2021-36160: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path - CVE-2021-34798: NULL pointer dereference via malformed...
xstream: Server-side request forgery (SSRF) via unsafe deserialization of com.sun.xml.internal.ws.client.sei.*
A flaw was found in xstream, a simple library used to serialize objects to XML and back again. This flaw allows a remote attacker to request data from internal resources that are not publicly available by manipulating the processed input stream with Java runtime versions 14 to 8. The highest thre...
CVE-2022-24568
Novel-plus v3.6.0 was discovered to be vulnerable to Server-Side Request Forgery (SSRF) via user-supplied crafted input...
NovelPlus code issue vulnerability
NovelPlus is an open source mobile social application and idea publishing platform. Novel-plus v3.6.0 suffers from a security vulnerability: it is vulnerable to server-side request forgery (SSRF) attacks via user-supplied crafted input...
PT-2022-16723 · Unknown · Novel-Plus
Name of the Vulnerable Software and Affected Versions: Novel-plus version 3.6.0 Description: The issue is related to Server-Side Request Forgery (SSRF) that can be triggered via user-supplied crafted input. Recommendations: For Novel-plus version 3.6.0, update to a version that fixes the Server-Sid...
ArangoDB code issue vulnerability
ArangoDB is a NoSQL database system from ArangoDB GmbH. A code issue vulnerability exists in ArangoDB versions v3.7.0 through v3.9.0-alpha.1, which stems from the system having a feature that downloads Foxx services from publicly available URLs, but this feature does not enforce proper filtering ...
PT-2022-15905 · Apache · Apache Traffic Control Traffic Ops
Name of the Vulnerable Software and Affected Versions: Apache Traffic Control Traffic Ops versions prior to 6.1.0 Apache Traffic Control Traffic Ops versions prior to 5.1.6 Description: The issue allows an unprivileged user who can reach Traffic Ops over HTTPS to send a specially-crafted POST...
Airspan Networks Mmp code issue vulnerability
Airspan Networks Mmp is an advanced standalone network management software platform for Mimosa fixed wireless devices from Airspan Networks, U.S.A. The Airspan Networks Mmp server-side request forgery vulnerability can be exploited by attackers to force the server to create and execute Web reques...
CLSA-2022-1643747448 Fix of CVE: CVE-2021-26690, CVE-2021-30641, CVE-2021-40438
CVE-2021-40438: mod_proxy: SSRF via a crafted request uri-path - CVE-2021-30641: MergeSlashes regression - CVE-2021-26690: mod_session NULL pointer dereference in parser...
CVE-2022-0339
Server-Side Request Forgery (SSRF) in PyPI calibreweb prior to 0.6.16...
PYSEC-2022-23
Server-Side Request Forgery (SSRF) in PyPI calibreweb prior to 0.6.16...
Calibre-Web code issue vulnerability
Calibre-Web is a web application for browsing, reading and downloading eBooks from the Calibre database. Calibre-Web suffers from a code issue vulnerability that stems from server-side request forgery (SSRF) in PyPI calibreweb before 0.6.16...
PT-2022-13115 · Unknown · Calibre-Web
Name of the Vulnerable Software and Affected Versions: calibreweb versions prior to 0.6.16 Description: The issue is related to a Server-Side Request Forgery (SSRF) in calibreweb. This allows an attacker to forge requests from the server to other services. No information is provided about the...
CVE-2021-36349
Dell EMC Data Protection Central versions 19.5 and prior contain a Server Side Request Forgery vulnerability in the DPC DNS client processing. A remote malicious user could potentially exploit this vulnerability, allowing port scanning of external hosts...
Dell EMC Data Protection Central code issue vulnerability
Dell EMC Data Protection Central is a management console from Dell USA Inc. It is used for data protection. A server-side request forgery vulnerability exists in Dell EMC Data Protection Central 19.5 and prior versions, which stems from the product's failure to properly validate user input and ca...
PartKeepr code issue vulnerability
PartKeepr is an inventory management software designed primarily for electronic components. PartKeepr suffers from a server-side request forgery vulnerability, which stems from the fact that the ability to upload attachments using a URL when creating a part does not validate whether a request can ...
PeerTube code issue vulnerability
PeerTube is a decentralized video sharing service platform. PeerTube suffers from a server-side request forgery vulnerability that stems from the product's failure to properly validate user input, which can be exploited by attackers to probe server intranet resources...