12 matches found

CVE
added 2026/04/09 9:18 p.m. · 12 views

CVE-2026-40114

PraisonAI's /api/v1/runs accepts an arbitrary webhook_url in requests and, before version 4.5.128, posts results to that URL after job completion using httpx.AsyncClient. This enables SSRF from an unauthenticated attacker to reach internal or external destinations, including cloud metadata servic...

CVSS 10 · AI score 6.1 · EPSS 0.00063
Exploits 1 · References 1 · Affected Software 1
EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2019-15043

Malware in sbrugna...

CVSS 4 · AI score 4.5 · EPSS 0.00083
Exploits 1 · References 3
RedhatCVE
added 2025/05/23 3:15 a.m. · 2 views

CVE-2023-22472

Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. It is possible to make a user send any POST request with an arbitrary body given they click on a malicious deep link on a Windows computer. e.g. in an email, chat link...

CVSS 8.8 · AI score 6.9 · EPSS 0.00104
Exploits 0 · References 1
RedhatCVE
added 2025/05/22 5:14 a.m. · 4 views

CVE-2019-5461

An input validation problem was discovered in the GitHub service integration which could result in an attacker being able to make arbitrary POST requests in a GitLab instance's internal network. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6...

CVSS 4 · AI score 6.6 · EPSS 0.00083
Exploits 1 · References 1
CNNVD
added 2022/08/31 12:0 a.m. · 2 views

GitLab Cross-Site Scripting Vulnerability

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. A security vulnerability exists in GitLab EE/CE. An attacker exploiting the...

CVSS 7.3 · AI score 7.2 · EPSS 0.00181
Exploits 0 · References 5
Positive Technologies
added 2022/03/28 12:0 a.m. · 3 views

PT-2022-13176 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 14.5 and later
Description: The issue is related to missing sanitization of HTML attributes in Jupyter notebooks, allowing an attacker to perform arbitrary HTTP POST requests on a user's behalf, potentially leading to...

CVSS 8.8 · AI score 8.2 · EPSS 0.00119
Exploits 1 · References 11
OSV
added 2019/09/09 5:15 p.m. · 22 views

CVE-2019-5461

An input validation problem was discovered in the GitHub service integration which could result in an attacker being able to make arbitrary POST requests in a GitLab instance's internal network. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6...

CVSS 3.5 · AI score 6.6
Exploits 0 · References 3
UbuntuCve
added 2019/09/09 5:15 p.m. · 19 views

CVE-2019-5461

An input validation problem was discovered in the GitHub service integration which could result in an attacker being able to make arbitrary POST requests in a GitLab instance's internal network. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6...

CVSS 4 · AI score 5.9 · EPSS 0.00083
Exploits 1 · References 2
Prion
added 2019/09/09 5:15 p.m. · 22 views

Input validation

An input validation problem was discovered in the GitHub service integration which could result in an attacker being able to make arbitrary POST requests in a GitLab instance's internal network. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6...

CVSS 4 · AI score 3.9 · EPSS 0.00083
Exploits 1 · References 3 · Affected Software 1
Debian CVE
added 2019/09/09 4:57 p.m. · 18 views

CVE-2019-5461

Removed by vendor...

CVSS 4 · AI score 5.8 · EPSS 0.00083
Exploits 1
CVE
added 2019/09/09 4:57 p.m. · 57 views

CVE-2019-5461

CVE-2019-5461 is a GitLab SSRF/input validation vulnerability found in the GitHub service integration that allowed an attacker to cause arbitrary POST requests from within a GitLab instance’s internal network. The root cause is input validation weakness in the GitHub integration, enabling reques...

CVSS 4 · AI score 3.9 · EPSS 0.00083
Exploits 1 · References 3 · Affected Software 1
Hacker One
added 2018/11/18 4:57 a.m. · 44 views

GitLab: GitLab's GitHub integration is vulnerable to SSRF vulnerability

The GitHub service is vulnerable to an SSRF vulnerability. An attacker may be able to leverage this to make arbitrary POST requests in a GitLab instance's internal network. It can also be used to connect to a cloud provider's instance metadata API, which may result in the ability to execute commands...

CVSS 4 · AI score 0.3 · EPSS 0.00083
Exploits 1