stangirard/quivr version 0.0.236 contains a Server-Side Request Forgery (SSRF) vulnerability. The application does not provide sufficient controls when crawling a website, allowing an attacker to access applications on the local network. This vulnerability could allow a malicious user to gain access to internal servers, the AWS metadata endpoint, and capture Supabase data.
References
Link | Resource |
---|---|
https://huntr.com/bounties/c178bf48-1d4a-4743-87ca-4cc8e475d274 | Exploit Technical Description |
https://huntr.com/bounties/c178bf48-1d4a-4743-87ca-4cc8e475d274 | Exploit Technical Description |
Configurations
History
21 Nov 2024, 09:48
Type | Values Removed | Values Added |
---|---|---|
References | () https://huntr.com/bounties/c178bf48-1d4a-4743-87ca-4cc8e475d274 - Exploit, Technical Description |
20 Aug 2024, 20:37
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
|
CPE | cpe:2.3:a:quivr:quivr:0.0.236:*:*:*:*:*:*:* | |
References | () https://huntr.com/bounties/c178bf48-1d4a-4743-87ca-4cc8e475d274 - Exploit, Technical Description | |
First Time |
Quivr quivr
Quivr |
27 Jun 2024, 19:25
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-06-27 19:15
Updated : 2024-11-21 09:48
NVD link : CVE-2024-5885
Mitre link : CVE-2024-5885
CVE.ORG link : CVE-2024-5885
JSON object : View
Products Affected
quivr
- quivr
CWE
CWE-918
Server-Side Request Forgery (SSRF)