Lucene search
+L

4 matches found

Packet Storm
Packet Storm
added 2020/10/21 12:0 a.m.829 views

Libtaxii 1.1.117 / OpenTaxi 0.2.0 Server-Side Request Forgery

Libtaxii version = 1.1.117 & OpenTaxi =0.2.0 Blind SSRF Details ======================================================================================== Product: Security-Risk: High Remote-Exploit: yes Vendor-URL: https://github.com/eclecticiq/OpenTAXII , https://github.com/TAXIIProject/libtaxii...

0.02277EPSS
Exploits2
OSV
OSV
added 2020/10/17 8:15 p.m.6 views

CVE-2020-27197

TAXII libtaxii through 1.1.117, as used in EclecticIQ OpenTAXII through 0.2.0 and other products, allows SSRF via an initial http:// substring to the parse method, even when the nonetwork setting is used for the XML parser. NOTE: the vendor points out that the parse method "wraps the lxml library...

9.8CVSS9.5AI score
Exploits0References3
Cvelist
Cvelist
added 2020/10/17 7:19 p.m.18 views

CVE-2020-27197

TAXII libtaxii through 1.1.117, as used in EclecticIQ OpenTAXII through 0.2.0 and other products, allows SSRF via an initial http:// substring to the parse method, even when the nonetwork setting is used for the XML parser. NOTE: the vendor points out that the parse method "wraps the lxml library...

9.6AI score0.02277EPSS
Exploits2References3
CVE
CVE
added 2020/10/17 7:19 p.m.103 views

CVE-2020-27197

CVE-2020-27197 affects TAXII libtaxii up to v1.1.117 and EclecticIQ OpenTAXII up to v0.2.0. The root cause is SSRF via an initial http:// substring to the parse method, even when the XML parser is configured with no_network. The vulnerability is triggered through the parse method that wraps the l...

9.8CVSS9.4AI score0.02277EPSS
Exploits2References3Affected Software2
Rows per page
Query Builder