Total
1195 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-35949 | 1 Nodejs | 1 Undici | 2024-02-28 | N/A | 9.8 CRITICAL |
| undici is an HTTP/1.1 client, written from scratch for Node.js.`undici` is vulnerable to SSRF (Server-side Request Forgery) when an application takes in **user input** into the `path/pathname` option of `undici.request`. If a user specifies a URL such as `http://127.0.0.1` or `//127.0.0.1` ```js const undici = require("undici") undici.request({origin: "http://example.com", pathname: "//127.0.0.1"}) ``` Instead of processing the request as `http://example.org//127.0.0.1` (or `http://example.org/http://127.0.0.1` when `http://127.0.0.1 is used`), it actually processes the request as `http://127.0.0.1/` and sends it to `http://127.0.0.1`. If a developer passes in user input into `path` parameter of `undici.request`, it can result in an _SSRF_ as they will assume that the hostname cannot change, when in actual fact it can change because the specified path parameter is combined with the base URL. This issue was fixed in `undici@5.8.1`. The best workaround is to validate user input before passing it to the `undici.request` call. | |||||
| CVE-2022-3708 | 1 Google | 1 Web Stories | 2024-02-28 | N/A | 8.1 HIGH |
| The Web Stories plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including 1.24.0 due to insufficient validation of URLs supplied via the 'url' parameter found via the /v1/hotlink/proxy REST API Endpoint. This makes it possible for authenticated users to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. | |||||
| CVE-2022-36551 | 1 Heartex | 1 Label Studio | 2024-02-28 | N/A | 6.5 MEDIUM |
| A Server Side Request Forgery (SSRF) in the Data Import module in Heartex - Label Studio Community Edition versions 1.5.0 and earlier allows an authenticated user to access arbitrary files on the system. Furthermore, self-registration is enabled by default in these versions of Label Studio enabling a remote attacker to create a new account and then exploit the SSRF. | |||||
| CVE-2022-36451 | 1 Mitel | 1 Micollab | 2024-02-28 | N/A | 8.8 HIGH |
| A vulnerability in the MiCollab Client server component of Mitel MiCollab through 9.5.0.101 could allow an authenticated attacker to conduct a Server-Side Request Forgery (SSRF) attack due to insufficient restriction of URL parameters. A successful exploit could allow an attacker to leverage connections and permissions available to the host server. | |||||
| CVE-2022-41704 | 2 Apache, Debian | 2 Batik, Debian Linux | 2024-02-28 | N/A | 7.5 HIGH |
| A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG. This issue affects Apache XML Graphics prior to 1.16. It is recommended to update to version 1.16. | |||||
| CVE-2022-38648 | 2 Apache, Debian | 2 Batik, Debian Linux | 2024-02-28 | N/A | 5.3 MEDIUM |
| Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources. This issue affects Apache XML Graphics Batik 1.14. | |||||
| CVE-2022-35282 | 1 Ibm | 1 Websphere Application Server | 2024-02-28 | N/A | 6.5 MEDIUM |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, an attacker with local network access could exploit this vulnerability to obtain sensitive data. | |||||
| CVE-2022-22416 | 1 Ibm | 2 Partner Engagement Manager, Partner Engagement Manager On Cloud\/saas | 2024-02-28 | N/A | 5.4 MEDIUM |
| IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 223126. | |||||
| CVE-2022-36802 | 1 Atlassian | 1 Jira Align | 2024-02-28 | N/A | 4.9 MEDIUM |
| The ManageJiraConnectors API in Atlassian Jira Align before version 10.109.2 allows remote attackers to exploit this issue to access internal network resources via a Server-Side Request Forgery. This can be exploited by a remote, unauthenticated attacker with Super Admin privileges by sending a specially crafted HTTP request. | |||||
| CVE-2022-36663 | 1 Gluu | 1 Oxauth | 2024-02-28 | N/A | 9.8 CRITICAL |
| Gluu Oxauth before v4.4.1 allows attackers to execute blind SSRF (Server-Side Request Forgery) attacks via a crafted request_uri parameter. | |||||
| CVE-2022-35583 | 1 Wkhtmltopdf | 1 Wkhtmltopdf | 2024-02-28 | N/A | 9.8 CRITICAL |
| wkhtmlTOpdf 0.12.6 is vulnerable to SSRF which allows an attacker to get initial access into the target's system by injecting iframe tag with initial asset IP address on it's source. This allows the attacker to takeover the whole infrastructure by accessing their internal assets. | |||||
| CVE-2022-39383 | 1 Linuxfoundation | 1 Kubevela | 2024-02-28 | N/A | 6.5 MEDIUM |
| KubeVela is an open source application delivery platform. Users using the VelaUX APIServer could be affected by this vulnerability. When using Helm Chart as the component delivery method, the request address of the warehouse is not restricted, and there is a blind SSRF vulnerability. Users who're using v1.6, please update the v1.6.1. Users who're using v1.5, please update the v1.5.8. There are no known workarounds for this issue. | |||||
| CVE-2022-40357 | 1 Zblogcn | 1 Z-blogphp | 2024-02-28 | N/A | 9.8 CRITICAL |
| A security issue was discovered in Z-BlogPHP <= 1.7.2. A Server-Side Request Forgery (SSRF) vulnerability in the zb_users/plugin/UEditor/php/action_crawler.php file allows remote attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the source parameter. | |||||
| CVE-2022-39211 | 1 Nextcloud | 2 Nextcloud Enterprise Server, Nextcloud Server | 2024-02-28 | N/A | 5.3 MEDIUM |
| Nextcloud server is an open source personal cloud platform. In affected versions it was found that locally running webservices can be found and requested erroneously. It is recommended that the Nextcloud Server is upgraded to 23.0.8 or 24.0.4. It is recommended that the Nextcloud Enterprise Server is upgraded to 22.2.10.4, 23.0.8 or 24.0.4. There are no known workarounds for this issue. | |||||
| CVE-2022-38580 | 1 Zalando | 1 Skipper | 2024-02-28 | N/A | 9.8 CRITICAL |
| Zalando Skipper v0.13.236 is vulnerable to Server-Side Request Forgery (SSRF). | |||||
| CVE-2022-20958 | 1 Cisco | 1 Broadworks Commpilot Application | 2024-02-28 | N/A | 8.8 HIGH |
| A vulnerability in the web-based management interface of Cisco BroadWorks CommPilot application could allow an unauthenticated, remote attacker to perform a server-side request forgery (SSRF) attack on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web interface. A successful exploit could allow the attacker to obtain confidential information from the BroadWorks server and other device on the network. {{value}} ["%7b%7bvalue%7d%7d"])}]] | |||||
| CVE-2022-40146 | 2 Apache, Debian | 2 Batik, Debian Linux | 2024-02-28 | N/A | 7.5 HIGH |
| Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14. | |||||
| CVE-2022-2352 | 1 Wpexperts | 1 Post Smtp | 2024-02-28 | N/A | 7.2 HIGH |
| The Post SMTP Mailer/Email Log WordPress plugin before 2.1.7 does not have proper authorisation in some AJAX actions, which could allow high privilege users such as admin to perform blind SSRF on multisite installations for example. | |||||
| CVE-2022-39239 | 1 Nuxtjs | 1 Netlify-ipx | 2024-02-28 | N/A | 5.4 MEDIUM |
| netlify-ipx is an on-Demand image optimization for Netlify using ipx. In versions prior to 1.2.3, an attacker can bypass the source image domain allowlist by sending specially crafted headers, causing the handler to load and return arbitrary images. Because the response is cached globally, this image will then be served to visitors without requiring those headers to be set. XSS can be achieved by requesting a malicious SVG with embedded scripts, which would then be served from the site domain. Note that this does not apply to images loaded in `<img>` tags, as scripts do not execute in this context. The image URL can be set in the header independently of the request URL, meaning any site images that have not previously been cached can have their cache poisoned. This problem has been fixed in version 1.2.3. As a workaround, cached content can be cleared by re-deploying the site. | |||||
| CVE-2022-3247 | 1 Adenion | 1 Blog2social | 2024-02-28 | N/A | 6.5 MEDIUM |
| The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 6.9.10 does not have authorisation in an AJAX action, and does not ensure that the URL to make a request to is an external one. As a result, any authenticated users, such as subscriber could perform SSRF attacks | |||||