Common Weakness Enumeration

CWE-918

Allowed

Server-Side Request Forgery (SSRF)

Abstraction: Base · Status: Incomplete

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

4620 vulnerabilities reference this CWE, most recent first.

GHSA-VJX8-8P7H-82GR

Vulnerability from github – Published: 2026-04-07 18:10 – Updated: 2026-04-24 21:04
VLAI
Summary
OpenClaw: Marketplace Plugin Download Follows Redirects Without SSRF Protection
Details

Summary

Marketplace Plugin Download Follows Redirects Without SSRF Protection

Current Maintainer Triage

  • Status: open
  • Normalized severity: medium
  • Assessment: v2026.3.28 still uses bare redirect-following fetch in src/plugins/marketplace.ts for marketplace archives, and fixed-on-main only does not change that shipped SSRF exposure.

Affected Packages / Versions

  • Package: openclaw (npm)
  • Latest published npm version: 2026.3.31
  • Vulnerable version range: <=2026.3.28
  • Patched versions: >= 2026.3.31
  • First stable tag containing the fix: v2026.3.31

Fix Commit(s)

  • 2ce44ca6a1302b166a128abbd78f72114f2f4f52 — 2026-03-31T12:59:42+01:00

Release Process Note

  • The fix is already present in released version 2026.3.31.
  • This draft looks ready for final maintainer disposition or publication, not additional code-fix work.

Thanks @AntAISecurityLab for reporting.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 2026.3.28"
      },
      "package": {
        "ecosystem": "npm",
        "name": "openclaw"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2026.3.31"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-41297"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-07T18:10:45Z",
    "nvd_published_at": "2026-04-21T00:16:30Z",
    "severity": "MODERATE"
  },
  "details": "## Summary\nMarketplace Plugin Download Follows Redirects Without SSRF Protection\n\n## Current Maintainer Triage\n- Status: open\n- Normalized severity: medium\n- Assessment: v2026.3.28 still uses bare redirect-following fetch in src/plugins/marketplace.ts for marketplace archives, and fixed-on-main only does not change that shipped SSRF exposure.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Latest published npm version: `2026.3.31`\n- Vulnerable version range: `\u003c=2026.3.28`\n- Patched versions: `\u003e= 2026.3.31`\n- First stable tag containing the fix: `v2026.3.31`\n\n## Fix Commit(s)\n- `2ce44ca6a1302b166a128abbd78f72114f2f4f52` \u2014 2026-03-31T12:59:42+01:00\n\n## Release Process Note\n- The fix is already present in released version `2026.3.31`.\n- This draft looks ready for final maintainer disposition or publication, not additional code-fix work.\n\nThanks @AntAISecurityLab for reporting.",
  "id": "GHSA-vjx8-8p7h-82gr",
  "modified": "2026-04-24T21:04:32Z",
  "published": "2026-04-07T18:10:45Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-vjx8-8p7h-82gr"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41297"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/commit/2ce44ca6a1302b166a128abbd78f72114f2f4f52"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/openclaw/openclaw"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/openclaw-server-side-request-forgery-via-marketplace-plugin-download-redirect"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "OpenClaw: Marketplace Plugin Download Follows Redirects Without SSRF Protection"
}

GHSA-VJXX-54VW-Q59F

Vulnerability from github – Published: 2022-05-14 01:17 – Updated: 2025-05-30 19:54
VLAI
Summary
Moodle SSRF Vulnerability
Details

The edit_blog.php script allows a registered user to add external RSS feed resources. It was identified that this feature could be abused to be used as a SSRF attack vector by adding a malicious URL/TCP PORT in order to target internal network or an internet hosted server, bypassing firewall rules, IP filtering and more.

This kind of vulnerability is then called “blind” because of no response available on Moodle web site, enforcing attacker to exploit it using a “time based” approach.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "moodle/moodle"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.5.0"
            },
            {
              "fixed": "3.5.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2019-6970"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-07-19T20:37:25Z",
    "nvd_published_at": "2019-03-21T16:01:00Z",
    "severity": "HIGH"
  },
  "details": "The `edit_blog.php` script allows a registered user to add external RSS feed resources. It was identified that this feature could be abused to be used as a SSRF attack vector by adding a malicious URL/TCP PORT in order to target internal network or an internet hosted server, bypassing firewall rules, IP filtering and more.\n\nThis kind of vulnerability is then called \u201cblind\u201d because of no response available on Moodle web site, enforcing attacker to exploit it using a \u201ctime based\u201d approach.",
  "id": "GHSA-vjxx-54vw-q59f",
  "modified": "2025-05-30T19:54:40Z",
  "published": "2022-05-14T01:17:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6970"
    },
    {
      "type": "WEB",
      "url": "https://cds.thalesgroup.com/en/tcs-cert/CVE-2019-6970"
    },
    {
      "type": "WEB",
      "url": "https://excellium-services.com/cert-xlm-advisory/cve-2019-6970"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/moodle/moodle"
    },
    {
      "type": "WEB",
      "url": "https://www.excellium-services.com/cert-xlm-advisory"
    },
    {
      "type": "WEB",
      "url": "https://www.excellium-services.com/cert-xlm-advisory/cve-2019-6970"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Moodle SSRF Vulnerability"
}

GHSA-VM4J-2MRW-2C59

Vulnerability from github – Published: 2022-05-24 17:31 – Updated: 2026-07-05 00:31
VLAI
Details

A SSRF vulnerability exists in the downloadimage interface of CRMEB 3.0, which can remotely download arbitrary files on the server and remotely execute arbitrary code.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-25466"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-10-23T15:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "A SSRF vulnerability exists in the downloadimage interface of CRMEB 3.0, which can remotely download arbitrary files on the server and remotely execute arbitrary code.",
  "id": "GHSA-vm4j-2mrw-2c59",
  "modified": "2026-07-05T00:31:15Z",
  "published": "2022-05-24T17:31:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25466"
    },
    {
      "type": "WEB",
      "url": "https://github.com/crmeb/CRMEB/issues/22"
    },
    {
      "type": "WEB",
      "url": "https://github.com/crmeb/CRMEB"
    },
    {
      "type": "WEB",
      "url": "http://crmeb.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VM77-MR48-27WJ

Vulnerability from github – Published: 2025-03-23 15:30 – Updated: 2025-09-26 21:27
VLAI
Summary
nossrf Server-Side Request Forgery (SSRF)
Details

Versions of the package nossrf before 1.0.4 are vulnerable to Server-Side Request Forgery (SSRF), where an attacker can provide a hostname that resolves to a local or reserved IP address space and bypass the SSRF protection mechanism.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "nossrf"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.0.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-2691"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-03-25T16:30:30Z",
    "nvd_published_at": "2025-03-23T15:15:13Z",
    "severity": "HIGH"
  },
  "details": "Versions of the package nossrf before 1.0.4 are vulnerable to Server-Side Request Forgery (SSRF), where an attacker can provide a hostname that resolves to a local or reserved IP address space and bypass the SSRF protection mechanism.",
  "id": "GHSA-vm77-mr48-27wj",
  "modified": "2025-09-26T21:27:59Z",
  "published": "2025-03-23T15:30:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2691"
    },
    {
      "type": "WEB",
      "url": "https://security.snyk.io/vuln/SNYK-JS-NOSSRF-9510842"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
      "type": "CVSS_V4"
    }
  ],
  "summary": "nossrf Server-Side Request Forgery (SSRF)"
}

GHSA-VMC4-9828-R48R

Vulnerability from github – Published: 2026-01-08 21:36 – Updated: 2026-01-11 14:55
VLAI
Summary
Ghost has SSRF via External Media Inliner
Details

Impact

A vulnerability in Ghost’s media inliner mechanism allows staff users in possession of a valid authentication token for the Ghost Admin API to exfiltrate data from internal systems via SSRF.

Vulnerable versions

This vulnerability is present in Ghost v5.38.0 to v5.130.5 to and Ghost v6.0.0 to v6.10.3.

Patches

v5.130.6 and v6.11.0 contain a fix for this issue.

References

Ghost thanks Sho Odagiri of GMO Cybersecurity by Ierae, Inc. for discovering and disclosing this vulnerability responsibly.

For more information

If there are any questions or comments about this advisory, email Ghost at security@ghost.org.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 6.10.3"
      },
      "package": {
        "ecosystem": "npm",
        "name": "ghost"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "6.0.0"
            },
            {
              "fixed": "6.11.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 5.130.5"
      },
      "package": {
        "ecosystem": "npm",
        "name": "ghost"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "5.105.0"
            },
            {
              "fixed": "5.130.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-22597"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-01-08T21:36:03Z",
    "nvd_published_at": "2026-01-10T03:15:50Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\nA vulnerability in Ghost\u2019s media inliner mechanism allows staff users in possession of a valid authentication token for the Ghost Admin API to exfiltrate data from internal systems via SSRF.\n\n### Vulnerable versions\nThis vulnerability is present in Ghost v5.38.0 to v5.130.5 to and Ghost v6.0.0 to v6.10.3.\n\n### Patches\nv5.130.6 and v6.11.0 contain a fix for this issue.\n\n### References\nGhost thanks Sho Odagiri of GMO Cybersecurity by Ierae, Inc. for discovering and disclosing this vulnerability responsibly.\n\n### For more information\nIf there are any questions or comments about this advisory, email Ghost at [security@ghost.org](mailto:security@ghost.org).",
  "id": "GHSA-vmc4-9828-r48r",
  "modified": "2026-01-11T14:55:24Z",
  "published": "2026-01-08T21:36:03Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/TryGhost/Ghost/security/advisories/GHSA-vmc4-9828-r48r"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22597"
    },
    {
      "type": "WEB",
      "url": "https://github.com/TryGhost/Ghost/commit/15d49131ff4aac3aca8642501c793f01f2bfcbb9"
    },
    {
      "type": "WEB",
      "url": "https://github.com/TryGhost/Ghost/commit/93add549ccf079d8e28bdb724fbb71a76942ff51"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/TryGhost/Ghost"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Ghost has SSRF via External Media Inliner"
}

GHSA-VMFC-9982-2M45

Vulnerability from github – Published: 2026-07-07 23:46 – Updated: 2026-07-07 23:46
VLAI
Summary
Weblate SSRF: outbound URL guard misses some private ranges
Details

Impact

Weblate's VCS_RESTRICT_PRIVATE did not properly account for some transitional IPv6 ranges, multicast addresses, or some semi-private IPv4 ranges, which allowed some addresses to bypass private range restrictions.

Patches

  • https://github.com/WeblateOrg/weblate/pull/19768

Resources

The issue was reported by @tonghuaroot via GitHub, and the same user also provided the initial patch.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "weblate"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "5.15"
            },
            {
              "fixed": "2026.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-50127"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-07-07T23:46:33Z",
    "nvd_published_at": "2026-06-10T20:17:29Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\n\nWeblate\u0027s `VCS_RESTRICT_PRIVATE` did not properly account for some transitional IPv6 ranges, multicast addresses, or some semi-private IPv4 ranges, which allowed some addresses to bypass private range restrictions.\n\n### Patches\n\n* https://github.com/WeblateOrg/weblate/pull/19768\n\n### Resources\n\nThe issue was reported by @tonghuaroot via GitHub, and the same user also provided the initial patch.",
  "id": "GHSA-vmfc-9982-2m45",
  "modified": "2026-07-07T23:46:33Z",
  "published": "2026-07-07T23:46:33Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/WeblateOrg/weblate/security/advisories/GHSA-vmfc-9982-2m45"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-50127"
    },
    {
      "type": "WEB",
      "url": "https://github.com/WeblateOrg/weblate/pull/19768"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/WeblateOrg/weblate"
    },
    {
      "type": "WEB",
      "url": "https://github.com/WeblateOrg/weblate/releases/tag/weblate-2026.6"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Weblate SSRF: outbound URL guard misses some private ranges"
}

GHSA-VMH7-9C7H-2PGG

Vulnerability from github – Published: 2026-04-27 21:31 – Updated: 2026-05-06 18:29
VLAI
Summary
auto-favicon has a Server-Side Request Forgery issue
Details

A vulnerability was found in dh1011 auto-favicon up to f189116a9259950c2393f114dbcb94dde0ad864b. This issue affects the function generate_favicon_from_url of the file src/auto_favicon/server.py of the component MCP Tool. The manipulation of the argument image_url results in server-side request forgery. The attack may be performed from remote. The exploit has been made public and could be used. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. The project was informed of the problem early through an issue report but has yet to receive a response.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "auto-favicon"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "1.0.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-7150"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-06T18:29:24Z",
    "nvd_published_at": "2026-04-27T19:17:00Z",
    "severity": "LOW"
  },
  "details": "A vulnerability was found in dh1011 auto-favicon up to f189116a9259950c2393f114dbcb94dde0ad864b. This issue affects the function generate_favicon_from_url of the file src/auto_favicon/server.py of the component MCP Tool. The manipulation of the argument image_url results in server-side request forgery. The attack may be performed from remote. The exploit has been made public and could be used. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. The project was informed of the problem early through an issue report but has yet to receive a response.",
  "id": "GHSA-vmh7-9c7h-2pgg",
  "modified": "2026-05-06T18:29:24Z",
  "published": "2026-04-27T21:31:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7150"
    },
    {
      "type": "WEB",
      "url": "https://github.com/dh1011/auto-favicon-mcp/issues/2"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/dh1011/auto-favicon-mcp"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/submit/802054"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/vuln/359749"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/vuln/359749/cti"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
      "type": "CVSS_V4"
    }
  ],
  "summary": "auto-favicon has a Server-Side Request Forgery issue"
}

GHSA-VP8W-WJ4M-3R7J

Vulnerability from github – Published: 2026-01-05 21:30 – Updated: 2026-01-05 23:15
VLAI
Summary
evershop allows unauthenticated attackers to force server to initiate HTTP request via "GET /images" API
Details

A Blind Server-Side Request Forgery (SSRF) vulnerability in evershop 2.1.0 and prior allows unauthenticated attackers to force the server to initiate an HTTP request via the "GET /images" API. The vulnerability occurs due to insufficient validation of the "src" query parameter, which permits arbitrary HTTP or HTTPS URIs, resulting in unexpected requests against internal and external networks.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "@evershop/evershop"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "2.1.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-67427"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-01-05T23:15:41Z",
    "nvd_published_at": "2026-01-05T20:16:03Z",
    "severity": "MODERATE"
  },
  "details": "A Blind Server-Side Request Forgery (SSRF) vulnerability in evershop 2.1.0 and prior allows unauthenticated attackers to force the server to initiate an HTTP request via the \"GET /images\" API. The vulnerability occurs due to insufficient validation of the \"src\" query parameter, which permits arbitrary HTTP or HTTPS URIs, resulting in unexpected requests against internal and external networks.",
  "id": "GHSA-vp8w-wj4m-3r7j",
  "modified": "2026-01-05T23:15:41Z",
  "published": "2026-01-05T21:30:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67427"
    },
    {
      "type": "WEB",
      "url": "https://github.com/dos-m0nk3y/CVE/tree/main/CVE-2025-67427"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/evershopcommerce/evershop"
    },
    {
      "type": "WEB",
      "url": "https://pages.dos-m0nk3y.com/blog/EverShop%202.1.0%20-%20Unauthenticated%20DoS/#server-side-request-forgery-ssrf-cve-2025-67427"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
      "type": "CVSS_V4"
    }
  ],
  "summary": "evershop allows unauthenticated attackers to force server to initiate HTTP request via \"GET /images\" API"
}

GHSA-VPFF-M9VH-PV4H

Vulnerability from github – Published: 2024-03-01 12:30 – Updated: 2024-03-10 03:30
VLAI
Details

A vulnerability was found in Harrison Chase LangChain 0.1.9. It has been classified as critical. Affected is the function load_local in the library libs/community/langchain_community/retrievers/tfidf.py. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-255372.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-2057"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-03-01T12:15:48Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability was found in Harrison Chase LangChain 0.1.9. It has been classified as critical. Affected is the function load_local in the library libs/community/langchain_community/retrievers/tfidf.py. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-255372.",
  "id": "GHSA-vpff-m9vh-pv4h",
  "modified": "2024-03-10T03:30:45Z",
  "published": "2024-03-01T12:30:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2057"
    },
    {
      "type": "WEB",
      "url": "https://github.com/langchain-ai/langchain/pull/18695"
    },
    {
      "type": "WEB",
      "url": "https://github.com/bayuncao/vul-cve-16"
    },
    {
      "type": "WEB",
      "url": "https://github.com/bayuncao/vul-cve-16/tree/main/PoC.pkl"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.255372"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.255372"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VPJ2-MH86-XPMV

Vulnerability from github – Published: 2024-05-14 21:34 – Updated: 2024-05-14 21:34
VLAI
Details

In WhatsUp Gold versions released before 2023.1.2 ,

a blind SSRF vulnerability exists in Whatsup Gold's FaviconController that allows an attacker to send arbitrary HTTP requests on behalf of the vulnerable server.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-4561"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-14T21:15:13Z",
    "severity": "MODERATE"
  },
  "details": "\nIn WhatsUp Gold versions released before 2023.1.2 , \n\na blind SSRF vulnerability exists in Whatsup Gold\u0027s FaviconController that allows an attacker to send arbitrary HTTP requests on behalf of the vulnerable server.\n\n",
  "id": "GHSA-vpj2-mh86-xpmv",
  "modified": "2024-05-14T21:34:44Z",
  "published": "2024-05-14T21:34:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4561"
    },
    {
      "type": "WEB",
      "url": "https://community.progress.com/s/article/Announcing-WhatsUp-Gold-v2023-1-2"
    },
    {
      "type": "WEB",
      "url": "https://www.progress.com/network-monitoring"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

CAPEC-664: Server Side Request Forgery

An adversary exploits improper input validation by submitting maliciously crafted input to a target application running on a server, with the goal of forcing the server to make a request either to itself, to web services running in the server’s internal network, or to external third parties. If successful, the adversary’s request will be made with the server’s privilege level, bypassing its authentication controls. This ultimately allows the adversary to access sensitive data, execute commands on the server’s network, and make external requests with the stolen identity of the server. Server Side Request Forgery attacks differ from Cross Site Request Forgery attacks in that they target the server itself, whereas CSRF attacks exploit an insecure user authentication mechanism to perform unauthorized actions on the user's behalf.