3 matches found
CVE-2021-3742
creationtimestamp| type| source ---|---|--- 2024-11-15 10:54:16+00:00| seen| https://infosec.exchange/users/cve/statuses/113486597712148555 2024-11-15 13:15:51+00:00| seen| https://t.me/cvedetector/11073 2026-07-03 18:37:06+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mpr6v46ffi23...
CVE-2021-3742 Server-Side Request Forgery (SSRF) in chatwoot/chatwoot
A Server-Side Request Forgery SSRF vulnerability was discovered in chatwoot/chatwoot, affecting all versions prior to 2.5.0. The vulnerability allows an attacker to upload an SVG file containing a malicious SSRF payload. When the SVG file is used as an avatar and opened in a new tab, it can trigg...
CVE-2021-3742
Chatwoot/chatwoot before 2.5.0 is affected by a Server-Side Request Forgery (SSRF) via SVG file uploads used as avatars; opening the SVG can trigger SSRF and host redirection. Root cause: SVG handling allows SSRF payloads in uploaded avatars. Impact: host redirection. Remediation: upgrade to 2.5....