Security
Headlines
HeadlinesLatestCVEs

Tag

#ssrf

GHSA-wg4w-5m5r-w3p8: OpenAPI Generator vulnerable to Server-Side Request Forgery

openapi-generator up to v6.4.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/gen/clients/{language}. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request.

ghsa
Open in Source
#vulnerability#git#ssrf
CVE-2023-27163: request-baskets SSRF details - CodiMD

request-baskets up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/baskets/{name}. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request.

CVE-2023-27162: openapi-generator API SSRF details - CodiMD

openapi-generator up to v6.4.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/gen/clients/{language}. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request.

CVE-2023-27160: GitHub - forem/forem: For empowering community 🌱

forem up to v2022.11.11 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /articles/{id}. This vulnerability allows attackers to access network resources and sensitive information via a crafted POST request.

CVE-2023-27159: appwrite unauthenticated SSRF details - CodiMD

Appwrite up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /v1/avatars/favicon. This vulnerability allows attackers to access network resources and sensitive information via a crafted GET request.

CVE-2022-43473: Security Updates - CVE-2022-43473 | ManageEngine OpManager

A blind XML External Entity (XXE) vulnerability exists in the Add UCS Device functionality of ManageEngine OpManager 12.6.168. A specially crafted XML file can lead to SSRF. An attacker can serve a malicious XML payload to trigger this vulnerability.

CVE-2023-1725

Server-Side Request Forgery (SSRF) vulnerability in Infoline Project Management System allows Server Side Request Forgery.This issue affects Project Management System: before 4.09.31.125.

Label Studio 1.5.0 Server-Side Request Forgery

Label Studio versions 1.5.0 and below suffer from a server-side request forgery vulnerability.

X-Skipper-Proxy 0.13.237 Server-Side Request Forgery

X-Skipper-Proxy version 0.13.237 suffers from a server-side request forgery vulnerability.

CVE-2023-25195

Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache Fineract. Authorized users with limited permissions can gain access to server and may be able to use server for any outbound traffic. This issue affects Apache Fineract: from 1.4 through 1.8.3.