Lucene search
+L

4 matches found

BDU FSTEC
BDU FSTEC
added 2025/03/30 12:0 a.m.12 views

The vulnerability of the Kylin data processing platform, related to insufficient validation of incoming requests, allows a hacker to execute an SSRF attack.

The vulnerability of the Kylin data processing platform is related to insufficient validation of incoming requests during the processing of the final endpoint /kylin/api/xxx/diag. Exploiting this vulnerability allows a remote attacker to perform an SSRF attack...

6.8CVSS5.5AI score0.00577EPSS
Exploits0References3Affected Software1
Snyk
Snyk
added 2025/03/27 3:31 p.m.3 views

Server-side Request Forgery (SSRF)

Overview org.apache.kylin:kylin-core-common is a package part of Apache Kylin. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF through the /kylin/api/xxx/diag endpoint. An attacker can forge requests to internal services by invoking this specific API endpoint ...

6.5CVSS7AI score0.00577EPSS
Exploits0References2
Snyk
Snyk
added 2025/03/27 3:31 p.m.4 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF through the /kylin/api/xxx/diag endpoint. An attacker can forge requests to internal services by invoking this specific API endpoint on another host. Notes: 1 This is only exploitable if the attacker has...

6.5CVSS7AI score0.00577EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/02/28 12:0 a.m.7 views

PT-2024-13836 · Couchbase · Couchbase Server

Name of the Vulnerable Software and Affected Versions: Couchbase Server versions prior to 7.2.4 Description: An issue was discovered where SQL++ cURL calls to the "/diag/eval" API endpoint are not sufficiently restricted. Recommendations: For versions prior to 7.2.4, update to version 7.2.4 or...

9.8CVSS6.9AI score0.0091EPSS
Exploits0References6
Rows per page
Query Builder