CWE-918

Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

CVE-2024-12775 (GCVE-0-2024-12775)

Vulnerability from cvelistv5 – Published: 2025-03-20 10:09 – Updated: 2025-03-20 18:55
Title
SSRF in langgenius/dify
Summary
langgenius/dify version 0.10.1 contains a Server-Side Request Forgery (SSRF) vulnerability in the test functionality for the Create Custom Tool option via the REST API `POST /console/api/workspaces/current/tool-provider/api/test/pre`. Attackers can set the `url` in the `servers` dictionary in OpenAI's schema with arbitrary URL targets, allowing them to abuse the victim server's credentials to access unauthorized web resources.
CWE
  • CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
Impacted products
Vendor Product Version
langgenius langgenius/dify Affected: unspecified , ≤ latest (custom)

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-12775",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-20T17:51:10.272058Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-20T18:55:41.104Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "langgenius/dify",
          "vendor": "langgenius",
          "versions": [
            {
              "lessThanOrEqual": "latest",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "langgenius/dify version 0.10.1 contains a Server-Side Request Forgery (SSRF) vulnerability in the test functionality for the Create Custom Tool option via the REST API `POST /console/api/workspaces/current/tool-provider/api/test/pre`. Attackers can set the `url` in the `servers` dictionary in OpenAI\u0027s schema with arbitrary URL targets, allowing them to abuse the victim server\u0027s credentials to access unauthorized web resources."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-918",
              "description": "CWE-918 Server-Side Request Forgery (SSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-20T10:09:23.407Z",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntr_ai"
      },
      "references": [
        {
          "url": "https://huntr.com/bounties/e90e929a-9bc9-46ad-a5e5-1f6f124d0f12"
        }
      ],
      "source": {
        "advisory": "e90e929a-9bc9-46ad-a5e5-1f6f124d0f12",
        "discovery": "EXTERNAL"
      },
      "title": "SSRF in langgenius/dify"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntr_ai",
    "cveId": "CVE-2024-12775",
    "datePublished": "2025-03-20T10:09:23.407Z",
    "dateReserved": "2024-12-18T22:03:01.428Z",
    "dateUpdated": "2025-03-20T18:55:41.104Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-12779 (GCVE-0-2024-12779)

Vulnerability from cvelistv5 – Published: 2025-03-20 10:11 – Updated: 2025-03-20 13:03
Title
SSRF in infiniflow/ragflow
Summary
A Server-Side Request Forgery (SSRF) vulnerability exists in infiniflow/ragflow version 0.12.0. The vulnerability is present in the `POST /v1/llm/add_llm` and `POST /v1/conversation/tts` endpoints. Attackers can specify an arbitrary URL as the `api_base` when adding an `OPENAITTS` model, and subsequently access the `tts` REST API endpoint to read contents from the specified URL. This can lead to unauthorized access to internal web resources.
CWE
  • CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
Impacted products
Vendor Product Version
infiniflow infiniflow/ragflow Affected: unspecified , ≤ latest (custom)

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-12779",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-20T13:03:03.044104Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-20T13:03:06.470Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://huntr.com/bounties/3cc748ba-2afb-4bfe-8553-10eb6d6dd4f0"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "infiniflow/ragflow",
          "vendor": "infiniflow",
          "versions": [
            {
              "lessThanOrEqual": "latest",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A Server-Side Request Forgery (SSRF) vulnerability exists in infiniflow/ragflow version 0.12.0. The vulnerability is present in the `POST /v1/llm/add_llm` and `POST /v1/conversation/tts` endpoints. Attackers can specify an arbitrary URL as the `api_base` when adding an `OPENAITTS` model, and subsequently access the `tts` REST API endpoint to read contents from the specified URL. This can lead to unauthorized access to internal web resources."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-918",
              "description": "CWE-918 Server-Side Request Forgery (SSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-20T10:11:28.705Z",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntr_ai"
      },
      "references": [
        {
          "url": "https://huntr.com/bounties/3cc748ba-2afb-4bfe-8553-10eb6d6dd4f0"
        }
      ],
      "source": {
        "advisory": "3cc748ba-2afb-4bfe-8553-10eb6d6dd4f0",
        "discovery": "EXTERNAL"
      },
      "title": "SSRF in infiniflow/ragflow"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntr_ai",
    "cveId": "CVE-2024-12779",
    "datePublished": "2025-03-20T10:11:28.705Z",
    "dateReserved": "2024-12-18T23:25:26.981Z",
    "dateUpdated": "2025-03-20T13:03:06.470Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-12801 (GCVE-0-2024-12801)

Vulnerability from cvelistv5 – Published: 2024-12-19 16:11 – Updated: 2025-01-03 13:40
Title
SaxEventRecorder vulnerable to Server-Side Request Forgery (SSRF) attacks
Summary
Server-Side Request Forgery (SSRF) in SaxEventRecorder by QOS.CH logback version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 on the Java platform allows an attacker to forge requests by compromising logback configuration files in XML. The attack involves the modification of the DOCTYPE declaration in XML configuration files.
CWE
  • CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
Impacted products
Vendor Product Version
QOS.CH Sarl logback Affected: 0.1 , ≤ 1.3.14 (maven)
Affected: 1.4.0 , ≤ 1.5.12 (maven)
Unaffected: 1.3.15
Unaffected: 1.5.13
Credits
7asecurity

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-12801",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-20T20:15:51.883590Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-20T20:16:07.566Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "XML configuration component"
          ],
          "platforms": [
            "Java"
          ],
          "product": "logback",
          "vendor": "QOS.CH Sarl",
          "versions": [
            {
              "lessThanOrEqual": "1.3.14",
              "status": "affected",
              "version": "0.1",
              "versionType": "maven"
            },
            {
              "lessThanOrEqual": "1.5.12",
              "status": "affected",
              "version": "1.4.0",
              "versionType": "maven"
            },
            {
              "status": "unaffected",
              "version": "1.3.15"
            },
            {
              "status": "unaffected",
              "version": "1.5.13"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The attacker needs to access and write to logback configuration files. Alternatively, the attacker needs to be able to force the use of a malicious logback configuration file at application start.\u003cbr\u003e"
            }
          ],
          "value": "The attacker needs to access and write to logback configuration files. Alternatively, the attacker needs to be able to force the use of a malicious logback configuration file at application start."
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "7asecurity"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cdiv\u003eServer-Side Request Forgery (SSRF) in SaxEventRecorder by QOS.CH logback version 0.1 to 1.3.14 and 1.4.0 to 1.5.12\u0026nbsp; on the Java platform, allows an attacker to \nforge requests by compromising logback configuration files in XML.\n\n\u003cbr\u003e\u003cbr\u003eThe attacks involves the modification of DOCTYPE declaration in\u0026nbsp; XML configuration files.\u003cbr\u003e\u003c/div\u003e"
            }
          ],
          "value": "Server-Side Request Forgery (SSRF) in SaxEventRecorder by QOS.CH logback version 0.1 to 1.3.14 and 1.4.0 to 1.5.12\u00a0 on the Java platform, allows an attacker to \nforge requests by compromising logback configuration files in XML.\n\n\n\nThe attacks involves the modification of DOCTYPE declaration in\u00a0 XML configuration files."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "No known existing exploitation.\u003cbr\u003e"
            }
          ],
          "value": "No known existing exploitation."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-212",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-212 Functionality Misuse"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "LOCAL",
            "baseScore": 2.4,
            "baseSeverity": "LOW",
            "privilegesRequired": "LOW",
            "providerUrgency": "CLEAR",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "PASSIVE",
            "valueDensity": "DIFFUSE",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:N/VA:L/SC:H/SI:H/SA:H/V:D/U:Clear",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-918",
              "description": "CWE-918 Server-Side Request Forgery (SSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-03T13:40:41.135Z",
        "orgId": "455daabc-a392-441d-aa46-37d35189897c",
        "shortName": "NCSC.ch"
      },
      "references": [
        {
          "url": "https://logback.qos.ch/news.html#1.5.13"
        },
        {
          "url": "https://logback.qos.ch/news.html#1.3.15"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Update to logback version 1.5.13 or later. If you are using the 1.3.x \nseries, update to logback version 1.3.15 or later. Note that the 1.4.x \nseries remains vulnerable.\n\u003cbr\u003e"
            }
          ],
          "value": "Update to logback version 1.5.13 or later. If you are using the 1.3.x \nseries, update to logback version 1.3.15 or later. Note that the 1.4.x \nseries remains vulnerable."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "SaxEventRecorder vulnerable to Server-Side Request Forgery (SSRF) attacks",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Update to logback version 1.5.13 or later. If you are using the 1.3.x \nseries, update to logback version 1.3.15 or later. Note that the 1.4.x \nseries remains vulnerable."
            }
          ],
          "value": "Update to logback version 1.5.13 or later. If you are using the 1.3.x \nseries, update to logback version 1.3.15 or later. Note that the 1.4.x \nseries remains vulnerable."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "455daabc-a392-441d-aa46-37d35189897c",
    "assignerShortName": "NCSC.ch",
    "cveId": "CVE-2024-12801",
    "datePublished": "2024-12-19T16:11:50.044Z",
    "dateReserved": "2024-12-19T16:09:59.761Z",
    "dateUpdated": "2025-01-03T13:40:41.135Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-12867 (GCVE-0-2024-12867)

Vulnerability from cvelistv5 – Published: 2024-12-20 19:19 – Updated: 2024-12-24 16:59
Title
Server-Side Request Forgery in Arctic Hub URL Mapper allows an unauthenticated remote attacker to exfiltrate and modify configurations and data
Summary
Server-Side Request Forgery in URL Mapper in Arctic Security's Arctic Hub versions 3.0.1764-5.6.1877 allows an unauthenticated remote attacker to exfiltrate and modify configurations and data.
CWE
  • CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
Impacted products
Vendor Product Version
Arctic Security Arctic Hub Affected: 3.0.1764 , ≤ 5.5.1872 (rpm)
Unaffected: 5.6.1877 (rpm)
Date Public
2024-12-12 14:50
Credits
Bob Van der Smissen
'Hack the Government' ethical hacking event hosted by the Centre for Cybersecurity Belgium (CCB)

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-12867",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-24T16:58:19.345997Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-24T16:59:02.357Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "URL Mapper"
          ],
          "platforms": [
            "Linux"
          ],
          "product": "Arctic Hub",
          "vendor": "Arctic Security",
          "versions": [
            {
              "lessThanOrEqual": "5.5.1872",
              "status": "affected",
              "version": "3.0.1764",
              "versionType": "rpm"
            },
            {
              "status": "unaffected",
              "version": "5.6.1877",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "You are vulnerable if \u003cbr\u003e- you are running Arctic Hub version 3.0.1764 - 5.5.1872\u003cbr\u003e- and you have the \u201cexternal_base_url\u201d configured for external access in /var/lib/arcsec-hub/config.yml\u003cbr\u003e- and the configured URL space is accessible by a potential attacker\u003cbr\u003e"
            }
          ],
          "value": "You are vulnerable if \n- you are running Arctic Hub version 3.0.1764 - 5.5.1872\n- and you have the \u201cexternal_base_url\u201d configured for external access in /var/lib/arcsec-hub/config.yml\n- and the configured URL space is accessible by a potential attacker"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Bob Van der Smissen"
        },
        {
          "lang": "en",
          "type": "reporter",
          "value": "\u0027Hack the Government\u0027 ethical hacking event hosted by the Centre for Cybersecurity Belgium (CCB)"
        }
      ],
      "datePublic": "2024-12-12T14:50:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Server-Side Request Forgery in URL Mapper in Arctic Security\u0027s Arctic Hub versions 3.0.1764-5.6.1877 allows an unauthenticated remote attacker to exfiltrate and modify configurations and data."
            }
          ],
          "value": "Server-Side Request Forgery in URL Mapper in Arctic Security\u0027s Arctic Hub versions 3.0.1764-5.6.1877 allows an unauthenticated remote attacker to exfiltrate and modify configurations and data."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "There have been no reports of attempts to exploit the vulnerability."
            }
          ],
          "value": "There have been no reports of attempts to exploit the vulnerability."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-115",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-115 Authentication Bypass"
            }
          ]
        },
        {
          "capecId": "CAPEC-25",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-25 Forced Deadlock"
            }
          ]
        },
        {
          "capecId": "CAPEC-36",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-36 Using Unpublished Interfaces or Functionality"
            }
          ]
        },
        {
          "capecId": "CAPEC-64",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-64 Using Slashes and URL Encoding Combined to Bypass Validation Logic"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NO",
            "Recovery": "USER",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "AMBER",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "LOW",
            "userInteraction": "NONE",
            "valueDensity": "CONCENTRATED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:H/SC:N/SI:L/SA:N/AU:N/R:U/V:C/RE:M/U:Amber",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "MODERATE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-918",
              "description": "CWE-918 Server-Side Request Forgery (SSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-20T19:19:43.985Z",
        "orgId": "db4dfee8-a97e-4877-bfae-eba6d14a2166",
        "shortName": "NCSC-FI"
      },
      "references": [
        {
          "url": "https://www.arcticsecurity.com/security/vulnerability-note-2024-12-20"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: transparent;\"\u003eUpgrade Arctic Hub to version 5.6.1877 or above.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "Upgrade Arctic Hub to version 5.6.1877 or above."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2024-12-06T10:00:00.000Z",
          "value": "Arctic Security received a report about a DoS vulnerability in the URL Mapper API."
        },
        {
          "lang": "en",
          "time": "2024-12-09T07:00:00.000Z",
          "value": "Arctic Security R\u0026D team was able to replicate the DoS vulnerability. The team discovered the root cause of the DoS issue and implemented a fix on the same day."
        },
        {
          "lang": "en",
          "time": "2024-12-10T12:00:00.000Z",
          "value": "Arctic Security R\u0026D team continued internal investigation based on the reported vulnerability and found out a way to expand it from the DoS to a SSRF. The team identified the root cause for the SSRF and started to work on a fix. The fix was finalized later on the same day."
        },
        {
          "lang": "en",
          "time": "2024-12-11T19:00:00.000Z",
          "value": "Arctic Security R\u0026D team implemented a helper tool to assist users by 1) Implementing a hotfix to any of the earlier vulnerable versions so that users who are not able to upgrade right away can have a temporary solution. 2) By helping users to check for any suspicious activity in their logs related to the vulnerability."
        },
        {
          "lang": "en",
          "time": "2024-12-12T14:50:00.000Z",
          "value": "Arctic Security released Arctic Hub 5.6.1877 containing the fix, along with a release note to explain the vulnerability. An access link to the helper tool was provided as part of the release note."
        },
        {
          "lang": "en",
          "time": "2024-12-13T13:00:00.000Z",
          "value": "After getting confirmation from CCB that no duplicate CVE entry has been made, Arctic Security requested a CVE number from its local CNA, the National Cyber Security Centre Finland (NCSC-FI)."
        }
      ],
      "title": "Server-Side Request Forgery in Arctic Hub URL Mapper allows an unauthenticated remote attacker to exfiltrate and modify configurations and data",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: transparent;\"\u003eIf upgrading is not possible, apply the hotfix as instructed in the version 5.6.1877 release note which was distributed to all Arctic Hub users on 12th of December 2024.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "If upgrading is not possible, apply the hotfix as instructed in the version 5.6.1877 release note which was distributed to all Arctic Hub users on 12th of December 2024."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "db4dfee8-a97e-4877-bfae-eba6d14a2166",
    "assignerShortName": "NCSC-FI",
    "cveId": "CVE-2024-12867",
    "datePublished": "2024-12-20T19:19:43.985Z",
    "dateReserved": "2024-12-20T19:11:54.846Z",
    "dateUpdated": "2024-12-24T16:59:02.357Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-12882 (GCVE-0-2024-12882)

Vulnerability from cvelistv5 – Published: 2025-03-20 10:10 – Updated: 2025-03-20 18:20
Title
SSRF in comfyanonymous/comfyui
Summary
comfyanonymous/comfyui version v0.2.4 suffers from a non-blind Server-Side Request Forgery (SSRF) vulnerability. This vulnerability can be exploited by combining the REST APIs `POST /internal/models/download` and `GET /view`, allowing attackers to abuse the victim server's credentials to access unauthorized web resources.
CWE
  • CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
Impacted products
Vendor Product Version
comfyanonymous comfyanonymous/comfyui Affected: unspecified , ≤ latest (custom)

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-12882",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-20T17:51:20.669779Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-20T18:20:26.580Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "comfyanonymous/comfyui",
          "vendor": "comfyanonymous",
          "versions": [
            {
              "lessThanOrEqual": "latest",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "comfyanonymous/comfyui version v0.2.4 suffers from a non-blind Server-Side Request Forgery (SSRF) vulnerability. This vulnerability can be exploited by combining the REST APIs `POST /internal/models/download` and `GET /view`, allowing attackers to abuse the victim server\u0027s credentials to access unauthorized web resources."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-918",
              "description": "CWE-918 Server-Side Request Forgery (SSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-20T10:10:31.200Z",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntr_ai"
      },
      "references": [
        {
          "url": "https://huntr.com/bounties/e8768cb1-6a80-40c1-9cdf-bcd21f01f85a"
        }
      ],
      "source": {
        "advisory": "e8768cb1-6a80-40c1-9cdf-bcd21f01f85a",
        "discovery": "EXTERNAL"
      },
      "title": "SSRF in comfyanonymous/comfyui"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntr_ai",
    "cveId": "CVE-2024-12882",
    "datePublished": "2025-03-20T10:10:31.200Z",
    "dateReserved": "2024-12-20T22:14:49.438Z",
    "dateUpdated": "2025-03-20T18:20:26.580Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-12989 (GCVE-0-2024-12989)

Vulnerability from cvelistv5 – Published: 2024-12-27 17:31 – Updated: 2024-12-27 18:20
Title
WISI Tangram GT31 HTTP Request server-side request forgery
Summary
A vulnerability was found in WISI Tangram GT31 up to 20241214 and classified as problematic. Affected by this issue is some unknown functionality of the component HTTP Request Handler. The manipulation leads to server-side request forgery. The attack may be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way.
CWE
  • CWE-918 - Server-Side Request Forgery
Assigner
References
URL Tags
https://vuldb.com/?id.289382 vdb-entry
https://vuldb.com/?ctiid.289382 signature, permissions-required
https://vuldb.com/?submit.463798 third-party-advisory
Impacted products
Vendor Product Version
WISI Tangram GT31 Affected: 20241214
Credits
Havook (VulDB User)

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-12989",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-27T18:20:37.742447Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-27T18:20:46.268Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "HTTP Request Handler"
          ],
          "product": "Tangram GT31",
          "vendor": "WISI",
          "versions": [
            {
              "status": "affected",
              "version": "20241214"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Havook (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in WISI Tangram GT31 up to 20241214 and classified as problematic. Affected by this issue is some unknown functionality of the component HTTP Request Handler. The manipulation leads to server-side request forgery. The attack may be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "Eine Schwachstelle wurde in WISI Tangram GT31 bis 20241214 gefunden. Sie wurde als problematisch eingestuft. Dies betrifft einen unbekannten Teil der Komponente HTTP Request Handler. Mittels dem Manipulieren mit unbekannten Daten kann eine server-side request forgery-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 5,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-918",
              "description": "Server-Side Request Forgery",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-27T17:31:04.333Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-289382 | WISI Tangram GT31 HTTP Request server-side request forgery",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://vuldb.com/?id.289382"
        },
        {
          "name": "VDB-289382 | CTI Indicators (IOB, IOC)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.289382"
        },
        {
          "name": "Submit #463798 | Tangram wisi Control  GT31 Server-Side Request Forgery",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.463798"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-12-27T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2024-12-27T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2024-12-27T09:46:12.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "WISI Tangram GT31 HTTP Request server-side request forgery"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2024-12989",
    "datePublished": "2024-12-27T17:31:04.333Z",
    "dateReserved": "2024-12-27T08:38:24.382Z",
    "dateUpdated": "2024-12-27T18:20:46.268Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-13029 (GCVE-0-2024-13029)

Vulnerability from cvelistv5 – Published: 2024-12-29 23:31 – Updated: 2024-12-30 14:43
Title
Antabot White-Jotter Edit Book book server-side request forgery
Summary
A vulnerability, which was classified as problematic, was found in Antabot White-Jotter up to 0.2.2. Affected is an unknown function of the file /admin/content/book of the component Edit Book Handler. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CWE
  • CWE-918 - Server-Side Request Forgery
Assigner
References
Impacted products
Vendor Product Version
Antabot White-Jotter Affected: 0.2.0
Affected: 0.2.1
Affected: 0.2.2
Credits
vastzero (VulDB User)

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-13029",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-30T14:42:44.482449Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-30T14:43:01.361Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "Edit Book Handler"
          ],
          "product": "White-Jotter",
          "vendor": "Antabot",
          "versions": [
            {
              "status": "affected",
              "version": "0.2.0"
            },
            {
              "status": "affected",
              "version": "0.2.1"
            },
            {
              "status": "affected",
              "version": "0.2.2"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "vastzero (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability, which was classified as problematic, was found in Antabot White-Jotter up to 0.2.2. Affected is an unknown function of the file /admin/content/book of the component Edit Book Handler. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
        },
        {
          "lang": "de",
          "value": "Es wurde eine Schwachstelle in Antabot White-Jotter bis 0.2.2 gefunden. Sie wurde als problematisch eingestuft. Es geht dabei um eine nicht klar definierte Funktion der Datei /admin/content/book der Komponente Edit Book Handler. Durch Manipulation mit unbekannten Daten kann eine server-side request forgery-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 4,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-918",
              "description": "Server-Side Request Forgery",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-29T23:31:05.264Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-289722 | Antabot White-Jotter Edit Book book server-side request forgery",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://vuldb.com/?id.289722"
        },
        {
          "name": "VDB-289722 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.289722"
        },
        {
          "name": "Submit #465942 | Antabot White-Jotter 0.2.2 Server-Side Request Forgery",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.465942"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/cydtseng/Vulnerability-Research/blob/main/white-jotter/ServerSideRequestForgery-BookCoverURL.md"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-12-29T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2024-12-29T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2024-12-29T09:33:54.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Antabot White-Jotter Edit Book book server-side request forgery"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2024-13029",
    "datePublished": "2024-12-29T23:31:05.264Z",
    "dateReserved": "2024-12-29T08:28:43.701Z",
    "dateUpdated": "2024-12-30T14:43:01.361Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-13032 (GCVE-0-2024-13032)

Vulnerability from cvelistv5 – Published: 2024-12-30 01:00 – Updated: 2024-12-30 14:40
Title
Antabot White-Jotter Article Editor editor server-side request forgery
Summary
A vulnerability classified as problematic was found in Antabot White-Jotter up to 0.2.2. Affected by this vulnerability is an unknown functionality of the file /admin/content/editor of the component Article Editor. The manipulation of the argument articleCover leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CWE
  • CWE-918 - Server-Side Request Forgery
Assigner
References
URL Tags
https://vuldb.com/?id.289765 vdb-entry, technical-description
https://vuldb.com/?ctiid.289765 signature, permissions-required
https://vuldb.com/?submit.466551 third-party-advisory
https://github.com/cydtseng/Vulnerability-Researc… exploit
Impacted products
Vendor Product Version
Antabot White-Jotter Affected: 0.2.0
Affected: 0.2.1
Affected: 0.2.2
Credits
vastzero (VulDB User)

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-13032",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-30T14:40:35.402426Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-30T14:40:45.431Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "Article Editor"
          ],
          "product": "White-Jotter",
          "vendor": "Antabot",
          "versions": [
            {
              "status": "affected",
              "version": "0.2.0"
            },
            {
              "status": "affected",
              "version": "0.2.1"
            },
            {
              "status": "affected",
              "version": "0.2.2"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "vastzero (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability classified as problematic was found in Antabot White-Jotter up to 0.2.2. Affected by this vulnerability is an unknown functionality of the file /admin/content/editor of the component Article Editor. The manipulation of the argument articleCover leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
        },
        {
          "lang": "de",
          "value": "In Antabot White-Jotter bis 0.2.2 wurde eine problematische Schwachstelle entdeckt. Es geht um eine nicht n\u00e4her bekannte Funktion der Datei /admin/content/editor der Komponente Article Editor. Durch die Manipulation des Arguments articleCover mit unbekannten Daten kann eine server-side request forgery-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 2.7,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 2.7,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 3.3,
            "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-918",
              "description": "Server-Side Request Forgery",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-30T01:00:13.613Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-289765 | Antabot White-Jotter Article Editor editor server-side request forgery",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.289765"
        },
        {
          "name": "VDB-289765 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.289765"
        },
        {
          "name": "Submit #466551 | Antabot White-Jotter 0.2.2 Server-Side Request Forgery",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.466551"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/cydtseng/Vulnerability-Research/blob/main/white-jotter/ServerSideRequestForgery-ArticleCoverURL.md"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-12-29T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2024-12-29T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2024-12-29T13:34:15.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Antabot White-Jotter Article Editor editor server-side request forgery"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2024-13032",
    "datePublished": "2024-12-30T01:00:13.613Z",
    "dateReserved": "2024-12-29T12:29:12.074Z",
    "dateUpdated": "2024-12-30T14:40:45.431Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-13139 (GCVE-0-2024-13139)

Vulnerability from cvelistv5 – Published: 2025-01-05 11:00 – Updated: 2025-01-06 15:53
Title
wangl1989 mysiteforme FileController doContent server-side request forgery
Summary
A vulnerability was found in wangl1989 mysiteforme 1.0. It has been rated as critical. This issue affects the function doContent of the file src/main/java/com/mysiteform/admin/controller/system/FileController. The manipulation of the argument content leads to server-side request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CWE
  • CWE-918 - Server-Side Request Forgery
Assigner
References
URL Tags
https://vuldb.com/?id.290213 vdb-entry, technical-description
https://vuldb.com/?ctiid.290213 signature, permissions-required
https://vuldb.com/?submit.468513 third-party-advisory
https://github.com/wangl1989/mysiteforme/issues/56 issue-tracking
https://github.com/wangl1989/mysiteforme/issues/5… exploit, issue-tracking
Impacted products
Credits
LVZC (VulDB User)

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-13139",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-06T15:53:18.739567Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-06T15:53:26.788Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "mysiteforme",
          "vendor": "wangl1989",
          "versions": [
            {
              "status": "affected",
              "version": "1.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "LVZC (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in wangl1989 mysiteforme 1.0. It has been rated as critical. This issue affects the function doContent of the file src/main/java/com/mysiteform/admin/controller/system/FileController. The manipulation of the argument content leads to server-side request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
        },
        {
          "lang": "de",
          "value": "Eine Schwachstelle wurde in wangl1989 mysiteforme 1.0 ausgemacht. Sie wurde als kritisch eingestuft. Betroffen davon ist die Funktion doContent der Datei src/main/java/com/mysiteform/admin/controller/system/FileController. Dank der Manipulation des Arguments content mit unbekannten Daten kann eine server-side request forgery-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 6.5,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-918",
              "description": "Server-Side Request Forgery",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-05T11:00:16.777Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-290213 | wangl1989 mysiteforme FileController doContent server-side request forgery",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.290213"
        },
        {
          "name": "VDB-290213 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.290213"
        },
        {
          "name": "Submit #468513 | wangl1989 mysiteforme 1.0 SSRF",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.468513"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://github.com/wangl1989/mysiteforme/issues/56"
        },
        {
          "tags": [
            "exploit",
            "issue-tracking"
          ],
          "url": "https://github.com/wangl1989/mysiteforme/issues/56#issue-2757876365"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-01-04T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-01-04T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-01-04T10:53:48.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "wangl1989 mysiteforme FileController doContent server-side request forgery"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2024-13139",
    "datePublished": "2025-01-05T11:00:16.777Z",
    "dateReserved": "2025-01-04T09:48:39.635Z",
    "dateUpdated": "2025-01-06T15:53:26.788Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-13195 (GCVE-0-2024-13195)

Vulnerability from cvelistv5 – Published: 2025-01-08 23:31 – Updated: 2025-01-09 16:19
Title
donglight bookstore电商书城系统说明 HttpUtil.java getHtml server-side request forgery
Summary
A vulnerability was found in donglight bookstore电商书城系统说明 1.0.0. It has been classified as critical. This affects the function getHtml of the file src/main/java/org/zdd/bookstore/rawl/HttpUtil.java. The manipulation of the argument url leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CWE
  • CWE-918 - Server-Side Request Forgery
Assigner
References
URL Tags
https://vuldb.com/?id.290787 vdb-entry, technical-description
https://vuldb.com/?ctiid.290787 signature, permissions-required
https://vuldb.com/?submit.469689 third-party-advisory
https://github.com/donglight/bookstore/issues/11 issue-tracking
https://github.com/donglight/bookstore/issues/11#… exploit, issue-tracking
Impacted products
Credits
LVZC1 (VulDB User)

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-13195",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-09T16:19:38.684512Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-09T16:19:46.795Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/donglight/bookstore/issues/11#issue-2760929273"
          },
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/donglight/bookstore/issues/11"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "bookstore\u7535\u5546\u4e66\u57ce\u7cfb\u7edf\u8bf4\u660e",
          "vendor": "donglight",
          "versions": [
            {
              "status": "affected",
              "version": "1.0.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "LVZC1 (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in donglight bookstore\u7535\u5546\u4e66\u57ce\u7cfb\u7edf\u8bf4\u660e 1.0.0. It has been classified as critical. This affects the function getHtml of the file src/main/java/org/zdd/bookstore/rawl/HttpUtil.java. The manipulation of the argument url leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."
        },
        {
          "lang": "de",
          "value": "Es wurde eine Schwachstelle in donglight bookstore\u7535\u5546\u4e66\u57ce\u7cfb\u7edf\u8bf4\u660e 1.0.0 ausgemacht. Sie wurde als kritisch eingestuft. Es geht dabei um die Funktion getHtml der Datei src/main/java/org/zdd/bookstore/rawl/HttpUtil.java. Mit der Manipulation des Arguments url mit unbekannten Daten kann eine server-side request forgery-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 6.5,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-918",
              "description": "Server-Side Request Forgery",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-08T23:31:06.435Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-290787 | donglight bookstore\u7535\u5546\u4e66\u57ce\u7cfb\u7edf\u8bf4\u660e HttpUtil.java getHtml server-side request forgery",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.290787"
        },
        {
          "name": "VDB-290787 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.290787"
        },
        {
          "name": "Submit #469689 | donglight bookstore 1.0 SSRF",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.469689"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://github.com/donglight/bookstore/issues/11"
        },
        {
          "tags": [
            "exploit",
            "issue-tracking"
          ],
          "url": "https://github.com/donglight/bookstore/issues/11#issue-2760929273"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-01-08T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-01-08T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-01-08T15:35:48.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "donglight bookstore\u7535\u5546\u4e66\u57ce\u7cfb\u7edf\u8bf4\u660e HttpUtil.java getHtml server-side request forgery"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2024-13195",
    "datePublished": "2025-01-08T23:31:06.435Z",
    "dateReserved": "2025-01-08T14:30:36.803Z",
    "dateUpdated": "2025-01-09T16:19:46.795Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

No mitigation information available for this CWE.

CAPEC-664: Server Side Request Forgery

An adversary exploits improper input validation by submitting maliciously crafted input to a target application running on a server, with the goal of forcing the server to make a request either to itself, to web services running in the server’s internal network, or to external third parties. If successful, the adversary’s request will be made with the server’s privilege level, bypassing its authentication controls. This ultimately allows the adversary to access sensitive data, execute commands on the server’s network, and make external requests with the stolen identity of the server. Server Side Request Forgery attacks differ from Cross Site Request Forgery attacks in that they target the server itself, whereas CSRF attacks exploit an insecure user authentication mechanism to perform unauthorized actions on the user's behalf.
