Lucene search
ApacheVULNRICHMENT:CVE-2024-31979HistoryJul 17, 2024 - 9:04 a.m.
CVE-2024-31979 Apache StreamPipes: Possibility of SSRF in pipeline element installation process
2024-07-1709:04:47
CWE-918
apache
github.com
3
cve-2024-31979
apache streampipes
ssrf
vulnerability
installation process
upgrade
AI Score
7
Confidence
High
EPSS
0.001
Percentile
27.3%
SSVC
Exploitation
none
Automatable
yes
Technical Impact
partial
Server-Side Request Forgery (SSRF) vulnerability in Apache StreamPipes during installation process of pipeline elements.
Previously, StreamPipes allowed users to configure custom endpoints from which to install additional pipeline elements.
These endpoints were not properly validated, allowing an attacker to get StreamPipes to send an HTTP GET request to an arbitrary address.
This issue affects Apache StreamPipes: through 0.93.0.
Users are recommended to upgrade to version 0.95.0, which fixes the issue.
CNA Affected
[
{
"vendor": "Apache Software Foundation",
"product": "Apache StreamPipes",
"versions": [
{
"status": "affected",
"version": "0",
"versionType": "maven",
"lessThanOrEqual": "0.93.0"
}
],
"defaultStatus": "unaffected"
}
]ADP Affected
[
{
"cpes": [
"cpe:2.3:a:apache:streampipes:*:*:*:*:*:*:*:*"
],
"vendor": "apache",
"product": "streampipes",
"versions": [
{
"status": "affected",
"version": "0",
"versionType": "maven",
"lessThanOrEqual": "0.93.0"
}
],
"defaultStatus": "unaffected"
}
]Related
osv
osv
CVE-2024-31979
2024-07-17 09:15:02
cvelist
cvelist
veracode
veracode
Server-side Request Forgery (SSRF)
2024-07-18 09:26:51
github
github
cve
cve
CVE-2024-31979
2024-07-17 09:15:02
nvd
nvd
CVE-2024-31979
2024-07-17 09:15:02
AI Score
7
Confidence
High
EPSS
0.001
Percentile
27.3%
SSVC
Exploitation
none
Automatable
yes
Technical Impact
partial
Related for VULNRICHMENT:CVE-2024-31979