Lucene search
K

175 matches found

Prion
Prion
added 2023/06/06 7:15 p.m.13 views

Server side request forgery (ssrf)

Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. A discovered oEmbed or image URL can bypass the urlpreviewurlblacklist setting potentially allowing server side request forgery or bypassing network policies. Impact is limited to IP addresses allowed by the...

5.5CVSS5.3AI score0.00605EPSS
Exploits0References3Affected Software1
UbuntuCve
UbuntuCve
added 2023/06/06 7:15 p.m.34 views

CVE-2023-32683

Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. A discovered oEmbed or image URL can bypass the urlpreviewurlblacklist setting potentially allowing server side request forgery or bypassing network policies. Impact is limited to IP addresses allowed by the...

5.4CVSS6.4AI score0.00605EPSS
Exploits0References4
PyPA
PyPA
added 2023/06/06 7:15 p.m.6 views

PYSEC-2023-85

Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. A discovered oEmbed or image URL can bypass the urlpreviewurlblacklist setting potentially allowing server side request forgery or bypassing network policies. Impact is limited to IP addresses allowed by the...

5.4CVSS6.7AI score0.00605EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2023/06/06 7:15 p.m.10 views

PYSEC-2023-85

Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. A discovered oEmbed or image URL can bypass the urlpreviewurlblacklist setting potentially allowing server side request forgery or bypassing network policies. Impact is limited to IP addresses allowed by the...

5.4CVSS6.9AI score0.00605EPSS
Exploits0References2
OSV
OSV
added 2023/06/06 7:15 p.m.1 views

UBUNTU-CVE-2023-32683

Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. A discovered oEmbed or image URL can bypass the urlpreviewurlblacklist setting potentially allowing server side request forgery or bypassing network policies. Impact is limited to IP addresses allowed by the...

5.4CVSS6.4AI score0.00605EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2023/06/06 6:24 p.m.16 views

CVE-2023-32683

Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. A discovered oEmbed or image URL can bypass the urlpreviewurlblacklist setting potentially allowing server side request forgery or bypassing network policies. Impact is limited to IP addresses allowed by the...

5.4CVSS5.9AI score0.00605EPSS
Exploits0
Cvelist
Cvelist
added 2023/06/06 6:24 p.m.41 views

CVE-2023-32683 URL deny list bypass via oEmbed and image URLs when generating previews in Synapse

Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. A discovered oEmbed or image URL can bypass the urlpreviewurlblacklist setting potentially allowing server side request forgery or bypassing network policies. Impact is limited to IP addresses allowed by the...

3.5CVSS5.6AI score0.00605EPSS
Exploits0References3
CVE
CVE
added 2023/06/06 6:24 p.m.159 views

CVE-2023-32683

Synapse (Python, Twisted) contains a vulnerability CVE-2023-32683 where a discovered oEmbed or image URL can bypass the url_preview_url_blacklist, potentially enabling server-side request forgery or bypassing network policies. The impact is constrained to IPs allowed by url_preview_ip_range_black...

5.4CVSS4.4AI score0.00605EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2023/06/06 6:24 p.m.12 views

CVE-2023-32683 URL deny list bypass via oEmbed and image URLs when generating previews in Synapse

Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. A discovered oEmbed or image URL can bypass the urlpreviewurlblacklist setting potentially allowing server side request forgery or bypassing network policies. Impact is limited to IP addresses allowed by the...

3.5CVSS5.8AI score0.00605EPSS
Exploits0References5
AlpineLinux
AlpineLinux
added 2023/06/06 6:24 p.m.26 views

CVE-2023-32683

Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. A discovered oEmbed or image URL can bypass the urlpreviewurlblacklist setting potentially allowing server side request forgery or bypassing network policies. Impact is limited to IP addresses allowed by the...

5.4CVSS4.6AI score0.00605EPSS
Exploits0
OSV
OSV
added 2023/06/06 4:41 p.m.20 views

GHSA-98PX-6486-J7QC Synapse has URL deny list bypass via oEmbed and image URLs when generating previews

Impact A discovered oEmbed or image URL can bypass the urlpreviewurlblacklist setting potentially allowing server side request forgery or bypassing network policies. Impact is limited to IP addresses allowed by the urlpreviewiprangeblacklist setting by default this only allows public IPs and by t...

5.1CVSS4.3AI score0.00605EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2023/06/06 4:41 p.m.25 views

Synapse has URL deny list bypass via oEmbed and image URLs when generating previews

Impact A discovered oEmbed or image URL can bypass the urlpreviewurlblacklist setting potentially allowing server side request forgery or bypassing network policies. Impact is limited to IP addresses allowed by the urlpreviewiprangeblacklist setting by default this only allows public IPs and by t...

5.4CVSS6.7AI score0.00605EPSS
Exploits0References7Affected Software1
Snyk
Snyk
added 2023/05/16 12:0 a.m.2 views

Cross-site Scripting (XSS)

Overview johnpbloch/wordpress-core is a web software you can use to create a website or blog. Affected versions of this package are vulnerable to Cross-site Scripting XSS due to insufficient validation of the protocol in the response when processing oEmbed discovery. An attacker can inject...

6.4CVSS5.3AI score
Exploits0References2
OSV
OSV
added 2023/04/26 3:30 p.m.17 views

GHSA-4WFQ-JC9H-VPCX Lack of domain validation in Druple core

The Media oEmbed iframe route does not properly validate the iframe domain setting, which allows embeds to be displayed in the context of the primary domain. Under certain circumstances, this could lead to cross-site scripting, leaked cookies, or other vulnerabilities. Drupal 7 core does not...

6.1CVSS6.1AI score0.00526EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2023/04/26 3:15 p.m.29 views

CVE-2022-25276

The Media oEmbed iframe route does not properly validate the iframe domain setting, which allows embeds to be displayed in the context of the primary domain. Under certain circumstances, this could lead to cross-site scripting, leaked cookies, or other vulnerabilities...

6.1CVSS6.3AI score0.00526EPSS
Exploits0References2
OSV
OSV
added 2023/04/26 3:15 p.m.1 views

UBUNTU-CVE-2022-25276

The Media oEmbed iframe route does not properly validate the iframe domain setting, which allows embeds to be displayed in the context of the primary domain. Under certain circumstances, this could lead to cross-site scripting, leaked cookies, or other vulnerabilities...

6.1CVSS5.7AI score0.00526EPSS
Exploits0References3
OSV
OSV
added 2023/04/26 12:0 a.m.25 views

CVE-2022-25276

The Media oEmbed iframe route does not properly validate the iframe domain setting, which allows embeds to be displayed in the context of the primary domain. Under certain circumstances, this could lead to cross-site scripting, leaked cookies, or other vulnerabilities...

6.1CVSS6.4AI score0.00526EPSS
Exploits0References3
CVE
CVE
added 2023/04/26 12:0 a.m.175 views

CVE-2022-25276

The CVE-2022-25276 issue affects Drupal’s Media oEmbed iframe route, where iframe domain validation is insufficient, causing embeds to render in the context of the primary domain. This misvalidation can lead to cross-site scripting, leaked cookies, or other vulnerabilities under certain circumsta...

6.1CVSS6AI score0.00526EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/04/26 12:0 a.m.27 views

CVE-2022-25276

The Media oEmbed iframe route does not properly validate the iframe domain setting, which allows embeds to be displayed in the context of the primary domain. Under certain circumstances, this could lead to cross-site scripting, leaked cookies, or other vulnerabilities...

6.5AI score0.00526EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/04/26 12:0 a.m.3 views

PT-2023-12783 · Drupal · Drupal

Name of the Vulnerable Software and Affected Versions: Drupal versions prior to the fixed version Description: The Media oEmbed iframe route does not properly validate the iframe domain setting, which allows embeds to be displayed in the context of the primary domain. Under certain circumstances,...

6.1CVSS6AI score0.00526EPSS
Exploits0References12
Rows per page
Query Builder