10 matches found
CVE-2024-1063
Appwrite = v1.4.13 is affected by a Server-Side Request Forgery (SSRF) via the '/v1/avatars/favicon' endpoint due to an incomplete fix of CVE-2023-27159...
CVE-2023-27159
Appwrite up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /v1/avatars/favicon. This vulnerability allows attackers to access network resources and sensitive information via a crafted GET request...
CVE-2022-25377
The ACME-challenge endpoint in Appwrite 0.5.0 through 0.12.x before 0.12.2 allows remote attackers to read arbitrary local files via ../ directory traversal. In order to be vulnerable, APP_STORAGE_CERTIFICATES/.well-known/acme-challenge must exist on disk. This pathname is automatically created if...
CVE-2022-2925
Cross-site Scripting (XSS) - Stored in GitHub repository appwrite/appwrite prior to 1.0.0-RC1...
GHSA-WFM3-GQ9H-MRJM Appwrite Directory Traversal vulnerability
The ACME-challenge endpoint in Appwrite 0.5.0 through 0.12.x before 0.12.2 allows remote attackers to read arbitrary local files via ../ directory traversal. In order to be vulnerable, APP_STORAGE_CERTIFICATES/.well-known/acme-challenge must exist on disk. This pathname is automatically created if...
CVE-2024-1063
Appwrite = v1.4.13 is affected by a Server-Side Request Forgery (SSRF) via the '/v1/avatars/favicon' endpoint due to an incomplete fix of CVE-2023-27159...
appw (>=0.0.1 <=0.0.2), appwrite-sync (=0.4.5) +8 more potentially affected by CVE-2023-50974 via appwrite (>=0.10.0 <=2.0.2)
appwrite PYPI version =0.10.0, =0.0.1, =0.1.0, =1.1.5, =0.0.36, =0.1.0, =0.1.4, =1.0.0, =2.0.1 - views-stepshifter =1.1.0 Source cves: CVE-2023-50974 Source advisory: OSV:PYSEC-2024-2...
Appwrite Security Vulnerabilities
Appwrite is an open source end-to-end backend server. It is used to package web, mobile, native or backend applications as a set of Docker microservices. A security vulnerability exists in the Appwrite CLI prior to version 3.0.0, which stems from the fact that when the login command is...
CVE-2023-27159
Appwrite up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /v1/avatars/favicon. This vulnerability allows attackers to access network resources and sensitive information via a crafted GET request...
PT-2022-19497 · Appwrite · Appwrite
Name of the Vulnerable Software and Affected Versions: appwrite versions prior to 1.0.0-RC1. Description: The issue is related to stored Cross-site Scripting (XSS) in the appwrite repository. This type of attack occurs when an application stores user input data without proper validation, allowing an...