2 matches found
CVE-2019-10686
CVE-2019-10686 affects the Ctrip Apollo API up to 1.4.0-SNAPSHOT. The vulnerability is a Server-Side Request Forgery (SSRF) caused by mishandling the %23 substring, enabling an attacker to trigger intranet port scans or issue GET requests to /system-info/health. The issue is documented across mul...
CVE-2020-15170
CVE-2020-15170 affects apollo-adminservice prior to version 1.7.1, which does not implement access controls. Several trusted sources indicate that exposing apollo-adminservice to the Internet can allow direct access to APIs, enabling reading/editing of application configurations. The root cause i...