8 matches found
EUVD-2024-16838
Malicious code in bioql PyPI...
Server side request forgery (ssrf)
Appwrite = v1.4.13 is affected by a Server-Side Request Forgery SSRF via the '/v1/avatars/favicon' endpoint due to an incomplete fix of CVE-2023-27159...
CVE-2024-1063
Appwrite = v1.4.13 is affected by a Server-Side Request Forgery SSRF via the '/v1/avatars/favicon' endpoint due to an incomplete fix of CVE-2023-27159...
CVE-2024-1063
The issue is an SSRF in Appwrite via /v1/avatars/favicon visible in multiple sources. Affected product: Appwrite versions up to 1.4.13; root cause linked to an incomplete fix of CVE-2023-27159. Impact described as potential access to internal resources and data via crafted requests. Remediation: ...
CVE-2024-1063
Appwrite = v1.4.13 is affected by a Server-Side Request Forgery SSRF via the '/v1/avatars/favicon' endpoint due to an incomplete fix of CVE-2023-27159...
CVE-2023-27159
creationtimestamp| type| source ---|---|--- 2023-03-31 22:22:25+00:00| seen| https://t.me/cibsecurity/61274 2025-03-09 00:00:00+00:00| exploited| The Shadowserver honeypot/exploited-vulnerabilities - 2025-03-09 2026-06-23 14:06:13+00:00| exploited|...
CVE-2023-27159
Appwrite up to v1.2.1 was discovered to contain a Server-Side Request Forgery SSRF via the component /v1/avatars/favicon. This vulnerability allows attackers to access network resources and sensitive information via a crafted GET request...
CVE-2023-27159
Appwrite