4 matches found
The vulnerability of the Kylin data processing platform, related to insufficient validation of incoming requests, allows a hacker to execute an SSRF attack.
The vulnerability of the Kylin data processing platform is related to insufficient validation of incoming requests during the processing of the final endpoint /kylin/api/xxx/diag. Exploiting this vulnerability allows a remote attacker to perform an SSRF attack...
Server-side Request Forgery (SSRF)
Overview org.apache.kylin:kylin-core-common is a package part of Apache Kylin. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF through the /kylin/api/xxx/diag endpoint. An attacker can forge requests to internal services by invoking this specific API endpoint ...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF through the /kylin/api/xxx/diag endpoint. An attacker can forge requests to internal services by invoking this specific API endpoint on another host. Notes: 1 This is only exploitable if the attacker has...
PT-2024-13836 · Couchbase · Couchbase Server
Name of the Vulnerable Software and Affected Versions: Couchbase Server versions prior to 7.2.4 Description: An issue was discovered where SQL++ cURL calls to the "/diag/eval" API endpoint are not sufficiently restricted. Recommendations: For versions prior to 7.2.4, update to version 7.2.4 or...