CVE-2023-44313

Server-Side Request Forgery (SSRF) vulnerability in Apache ServiceComb Service-Center. Attackers can obtain sensitive server information through specially crafted requests.This issue affects Apache ServiceComb before 2.1.0(include). Users are recommended to upgrade to version 2.2.0, which fixes the issue.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:servicecomb:*:*:*:*:*:*:*:*

History

21 Nov 2024, 08:25

Type Values Removed Values Added
References () http://www.openwall.com/lists/oss-security/2024/01/31/4 - Mailing List, Third Party Advisory () http://www.openwall.com/lists/oss-security/2024/01/31/4 - Mailing List, Third Party Advisory
References () https://lists.apache.org/thread/kxovd455o9h4f2v811hcov2qknbwld5r - Mailing List, Third Party Advisory () https://lists.apache.org/thread/kxovd455o9h4f2v811hcov2qknbwld5r - Mailing List, Third Party Advisory
CVSS v2 : unknown
v3 : 7.5
v2 : unknown
v3 : 7.6

08 Feb 2024, 17:13

Type Values Removed Values Added
References () https://lists.apache.org/thread/kxovd455o9h4f2v811hcov2qknbwld5r - () https://lists.apache.org/thread/kxovd455o9h4f2v811hcov2qknbwld5r - Mailing List, Third Party Advisory
References () http://www.openwall.com/lists/oss-security/2024/01/31/4 - () http://www.openwall.com/lists/oss-security/2024/01/31/4 - Mailing List, Third Party Advisory
CPE cpe:2.3:a:apache:servicecomb:*:*:*:*:*:*:*:*
First Time Apache
Apache servicecomb
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5

31 Jan 2024, 18:15

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2024/01/31/4 -

31 Jan 2024, 09:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-01-31 09:15

Updated : 2024-11-21 08:25


NVD link : CVE-2023-44313

Mitre link : CVE-2023-44313

CVE.ORG link : CVE-2023-44313


JSON object : View

Products Affected

apache

  • servicecomb
CWE
CWE-918

Server-Side Request Forgery (SSRF)