
7 matches found

Veracode
added 2025/09/11 9:35 a.m., 4 views

Server-Side Request Forgery (SSRF)

org.apache.eventmesh:eventmesh-runtime is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to improper validation of user-supplied URLs due to unsafe handling in the eventmesh-runtime module WebhookUtil.java, allowing attackers to read or update internal resources...

CVSS 6.3, AI score 7, EPSS 0.00359
Exploits: 0, References: 3, Affected Software: 1
Snyk
added 2025/08/20 9:43 a.m., 2 views

Server-side Request Forgery (SSRF)

Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) in WebhookUtil.java. An attacker can access or manipulate internal server resources by sending crafted requests that are processed by the server. Remediation: Upgrade org.apache.eventmesh:eventmesh-runtim...

CVSS 6.3, AI score 6.5, EPSS 0.00359
Exploits: 0, References: 2
Github Security Blog
added 2025/08/20 9:30 a.m., 7 views

Apache EventMesh Vulnerable to Server-Side Request Forgery in WebhookUtil.java

Server-Side Request Forgery (SSRF) in eventmesh-runtime module in WebhookUtil.java on windows\linux\mac os e.g. allows the attacker to abuse functionality on the server to read or update internal resources. Users are recommended to upgrade to version 1.12.0 or use the master branch, which fixes th...

CVSS 6.3, AI score 7, EPSS 0.00359
Exploits: 0, References: 3, Affected Software: 1
OSV
added 2025/08/20 9:30 a.m., 2 views

GHSA-HF86-8X8V-H7VC Apache EventMesh Vulnerable to Server-Side Request Forgery in WebhookUtil.java

Server-Side Request Forgery (SSRF) in eventmesh-runtime module in WebhookUtil.java on windows\linux\mac os e.g. allows the attacker to abuse functionality on the server to read or update internal resources. Users are recommended to upgrade to version 1.12.0 or use the master branch, which fixes th...

CVSS 6.3, AI score 5.9, EPSS 0.00359
Exploits: 0, References: 3
NVD
added 2025/08/20 9:15 a.m., 7 views

CVE-2024-39954

CWE-918 Server-Side Request Forgery (SSRF) in eventmesh-runtime module in WebhookUtil.java on windows\linux\mac os e.g. allows the attacker to abuse functionality on the server to read or update internal resources. Users are recommended to upgrade to version 1.12.0 or use the master branch, which...

CVSS 6.3, EPSS 0.00359
Exploits: 0, References: 1
CVE
added 2025/08/20 8:56 a.m., 37 views

CVE-2024-39954

CVE-2024-39954 refers to a Server-Side Request Forgery (SSRF) in the Apache EventMesh project, specifically in the eventmesh-runtime module’s WebhookUtil.java. The vulnerability affects the WebhookUtil.java functionality that could allow an attacker to read or modify internal resources on affecte...

CVSS 6.3, AI score 6.8, EPSS 0.00359
Exploits: 0, References: 1, Affected Software: 1
Vulnrichment
added 2025/08/20 8:56 a.m., 2 views

CVE-2024-39954 Apache EventMesh Runtime: SSRF

CWE-918 Server-Side Request Forgery (SSRF) in eventmesh-runtime module in WebhookUtil.java on windows\linux\mac os e.g. allows the attacker to abuse functionality on the server to read or update internal resources. Users are recommended to upgrade to version 1.12.0 or use the master branch, which...

AI score 6.4, EPSS 0.00359
Exploits: 0, References: 1