Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Arangodb Security Vulnerabilities

cve
cve

CVE-2021-25939

In ArangoDB, versions v3.7.0 through v3.9.0-alpha.1 have a feature which allows downloading a Foxx service from a publicly available URL. This feature does not enforce proper filtering of requests performed internally, which can be abused by a highly-privileged attacker to perform blind SSRF and...

2.7CVSS

3.9AI Score

0.001EPSS

2022-02-09 01:15 PM
43
cve
cve

CVE-2021-25940

In ArangoDB, versions v3.7.6 through v3.8.3 are vulnerable to Insufficient Session Expiration. When a userโ€™s password is changed by the administrator, the session isnโ€™t invalidated, allowing a malicious user to still be logged in and perform arbitrary actions within the...

8.8CVSS

7.8AI Score

0.001EPSS

2021-11-16 10:15 AM
16
cve
cve

CVE-2021-25938

In ArangoDB, versions v2.2.6.2 through v3.7.10 are vulnerable to Cross-Site Scripting (XSS), since there is no validation of the .zip file name and filtering of potential abusive characters which zip files can be named to. There is no X-Frame-Options Header set, which makes it more susceptible for....

6.1CVSS

5.8AI Score

0.001EPSS

2021-05-24 11:15 AM
18