4 matches found
GHSA-5FHX-9JWJ-867M Weblate: Authenticated SSRF via redirect bypass of ALLOWED_ASSET_DOMAINS in screenshot URL uploads
Impact The ALLOWEDASSETDOMAINS setting applied only to the first issued requests and didn't restrict possible redirects. Patches https://github.com/WeblateOrg/weblate/pull/18550 References This issue was reported by @spbavarva via GitHub...
Weblate: Authenticated SSRF via redirect bypass of ALLOWED_ASSET_DOMAINS in screenshot URL uploads
Impact The ALLOWEDASSETDOMAINS setting applied only to the first issued requests and didn't restrict possible redirects. Patches https://github.com/WeblateOrg/weblate/pull/18550 References This issue was reported by @spbavarva via GitHub...
CVE-2026-33440
Weblate, a web-based localization tool, contains CVE-2026-33440. In versions before 5.17, the ALLOWED_ASSET_DOMAINS setting applied only to the initial requests and did not restrict subsequent redirects, enabling authenticated SSRF via redirect bypass in screenshot URL uploads. The issue is mitig...
CVE-2026-33440 Weblate: Authenticated SSRF via redirect bypass of ALLOWED_ASSET_DOMAINS in screenshot URL uploads
Weblate is a web based localization tool. In versions prior to 5.17, the ALLOWEDASSETDOMAINS setting applied only to the first issued requests and didn't restrict possible redirects. This issue has been fixed in version 5.17...