9 matches found

Veracode
added 2025/12/13 7:30 a.m., 5 views

Server-Side Request Forgery (SSRF)

libtaxii is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to improper handling of an initial http:// substring in the parse method, even when the XML parser is configured with the nonetwork setting, which allows an attacker to trigger unauthorized network requests throu...

9.8 CVSS, 8.4 AI score, 0.0225 EPSS
Exploits 2, References 9, Affected Software 1
OSV
added 2021/04/30 5:34 p.m., 21 views

GHSA-836C-XG97-8P4H libtaxii Server-Side Request Forgery vulnerability

"TAXII libtaxii through 1.1.117, as used in EclecticIQ OpenTAXII through 0.2.0 and other products, allows SSRF via an initial http:// substring to the parse method, even when the nonetwork setting is used for the XML parser. NOTE: the vendor points out that the parse method "wraps the lxml librar...

9.8 CVSS, 9.5 AI score, 0.0225 EPSS
Exploits 2, References 9
Github Security Blog
added 2021/04/30 5:34 p.m., 64 views

libtaxii Server-Side Request Forgery vulnerability

"TAXII libtaxii through 1.1.117, as used in EclecticIQ OpenTAXII through 0.2.0 and other products, allows SSRF via an initial http:// substring to the parse method, even when the nonetwork setting is used for the XML parser. NOTE: the vendor points out that the parse method "wraps the lxml librar...

9.8 CVSS, 9 AI score, 0.0225 EPSS
Exploits 2, References 8, Affected Software 1
Packet Storm
added 2020/10/21 12:0 a.m., 825 views

Libtaxii 1.1.117 / OpenTaxi 0.2.0 Server-Side Request Forgery

Libtaxii version = 1.1.117 & OpenTaxi =0.2.0 Blind SSRF Details: Product: Security-Risk: High Remote-Exploit: yes Vendor-URL: https://github.com/eclecticiq/OpenTAXII , https://github.com/TAXIIProject/libtaxii...

0.0225 EPSS
Exploits 2
OSV
added 2020/10/17 8:15 p.m., 3 views

CVE-2020-27197

TAXII libtaxii through 1.1.117, as used in EclecticIQ OpenTAXII through 0.2.0 and other products, allows SSRF via an initial http:// substring to the parse method, even when the nonetwork setting is used for the XML parser. NOTE: the vendor points out that the parse method "wraps the lxml library...

9.8 CVSS, 9.5 AI score
Exploits 0, References 3
ATTACKERKB
added 2020/10/17 8:15 p.m., 3 views

CVE-2020-27197

TAXII libtaxii through 1.1.117, as used in EclecticIQ OpenTAXII through 0.2.0 and other products, allows SSRF via an initial http:// substring to the parse method, even when the nonetwork setting is used for the XML parser. NOTE: the vendor points out that the parse method "wraps the lxml library...

9.8 CVSS, 5.4 AI score, 0.0225 EPSS
Exploits 2, References 4
NVD
added 2020/10/17 8:15 p.m., 9 views

CVE-2020-27197

TAXII libtaxii through 1.1.117, as used in EclecticIQ OpenTAXII through 0.2.0 and other products, allows SSRF via an initial http:// substring to the parse method, even when the nonetwork setting is used for the XML parser. NOTE: the vendor points out that the parse method "wraps the lxml library...

9.8 CVSS, 0.0225 EPSS
Exploits 2, References 3
OSV
added 2020/10/17 8:15 p.m., 16 views

PYSEC-2020-59

DISPUTED TAXII libtaxii through 1.1.117, as used in EclecticIQ OpenTAXII through 0.2.0 and other products, allows SSRF via an initial http:// substring to the parse method, even when the nonetwork setting is used for the XML parser. NOTE: the vendor points out that the parse method "wraps the lxm...

9.8 CVSS, 2.7 AI score, 0.0225 EPSS
Exploits 2, References 4
CVE
added 2020/10/17 7:19 p.m., 98 views

CVE-2020-27197

CVE-2020-27197 affects TAXII libtaxii up to v1.1.117 and EclecticIQ OpenTAXII up to v0.2.0. The root cause is SSRF via an initial http:// substring to the parse method, even when the XML parser is configured with no_network. The vulnerability is triggered through the parse method that wraps the l...

9.8 CVSS, 9.4 AI score, 0.0225 EPSS
Exploits 2, References 3, Affected Software 2