Emissary is a P2P-based, data-driven workflow engine. Emissary version 6.4.0 is vulnerable to Server-Side Request Forgery (SSRF). In particular, the RegisterPeerAction endpoint and the AddChildDirectoryAction endpoint are vulnerable to SSRF. This vulnerability may lead to credential leaks. Emissary...
9.9CVSS
9.3AI Score
0.007EPSS
Emissary is a P2P based data-driven workflow engine. Affected versions of Emissary are vulnerable to post-authentication Remote Code Execution (RCE). The CreatePlace REST endpoint accepts an sppClassName parameter which is used to load an arbitrary class. This class is later instantiated using a co...
9.1CVSS
9.5AI Score
0.004EPSS