154 matches found
CVE-2022-38299
Summary : CVE-2022-38299 affects Appsmith v1.7.11 via its Elasticsearch plugin, where the underlying issue allows attackers to connect disallowed hosts to the AWS/GCP internal metadata endpoint. The NVD entry assigns a CVSSv3.1 base score of 4.3 (Network, Low attack complexity, Low privileges, no...
CVE-2022-38298
Appsmith v1.7.11 was discovered to allow attackers to execute an authenticated Server-Side Request Forgery SSRF via redirecting incoming requests to the AWS internal metadata endpoint...
CVE-2022-38298
Appsmith v1.7.11 was discovered to allow attackers to execute an authenticated Server-Side Request Forgery SSRF via redirecting incoming requests to the AWS internal metadata endpoint...
CVE-2022-38298
CVE-2022-38298 affects Appsmith v1.7.11, enabling an authenticated Server-Side Request Forgery (SSRF) by redirecting incoming requests to the AWS internal metadata endpoint. The CVSSv3.1 data indicates high impact on confidentiality, integrity, and availability (base score 8.8). The provided docu...
PT-2022-24348 · Appsmith · Appsmith
Name of the Vulnerable Software and Affected Versions: Appsmith version 1.7.11 Description: The issue allows attackers to execute an authenticated Server-Side Request Forgery SSRF via redirecting incoming requests to the AWS internal metadata endpoint. This is achieved by exploiting a vulnerabili...
Appsmith 代码问题漏洞
Appsmith is an open source platform for building, deploying and maintaining on-premise applications from Appsmith Open Source. A security vulnerability exists in Appsmith version v1.7.11 that stems from a vulnerability that allows an attacker to perform authenticated server-side request forgery...
Appsmith 安全漏洞
Appsmith is an open source platform for building, deploying and maintaining on-premise applications from Appsmith Open Source. A security vulnerability exists in Appsmith version v1.7.11, which stems from an issue in the Elasticsearch plugin that allows an attacker to connect unallowed hosts to...
PT-2022-24349 · Appsmith +1 · Appsmith +1
Name of the Vulnerable Software and Affected Versions: Appsmith version 1.7.11 Description: An issue in the Elasticsearch plugin allows attackers to connect disallowed hosts to the AWS/GCP internal metadata endpoint. Recommendations: For Appsmith version 1.7.11, consider disabling the Elasticsear...
CVE-2022-39824
Server-side JavaScript injection in Appsmith through 1.7.14 allows remote attackers to execute arbitrary JavaScript code from the server via the currentItem property of the list widget, e.g., to perform DoS attacks or achieve an information leak...
Design/Logic Flaw
Server-side JavaScript injection in Appsmith through 1.7.14 allows remote attackers to execute arbitrary JavaScript code from the server via the currentItem property of the list widget, e.g., to perform DoS attacks or achieve an information leak...
CVE-2022-39824
Server-side JavaScript injection in Appsmith through 1.7.14 allows remote attackers to execute arbitrary JavaScript code from the server via the currentItem property of the list widget, e.g., to perform DoS attacks or achieve an information leak...
CVE-2022-39824
Server-side JavaScript injection in Appsmith through 1.7.14 allows remote attackers to execute arbitrary JavaScript code from the server via the currentItem property of the list widget, e.g., to perform DoS attacks or achieve an information leak...
CVE-2022-39824
CVE-2022-39824 (Appsmith) : The provided documents confirm a server-side JavaScript injection vulnerability in Appsmith up to version 1.7.14, exploitable via the currentItem property of the list widget. The underlying issue allows remote attackers to run arbitrary JavaScript on the server, leadin...
Appsmith 跨站脚本漏洞
Appsmith is an open source platform from Appsmith Open Source for building, deploying and maintaining internal applications. A security vulnerability exists in Appsmith version 1.7.14, which originates from server-side JavaScript injection and allows remote attackers to execute arbitrary JavaScri...