Tag: #ssrf

CVE-2022-24969

bypass CVE-2021-25640: In Apache Dubbo prior to 2.6.12 and 2.7.15, use of the parseURL method leads to a bypass of the allowed-host (whitelist) check, which can cause an open redirect or SSRF vulnerability.

CVE-2022-31827: CVE_Request/MonstaFTP_v2_10_3_SSRF.md at master · zer0yu/CVE_Request

MonstaFTP v2.10.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the function performFetchRequest at HTTPFetcher.php.

CVE-2022-31393: [Vuln] SSRF vulnerability in `index` Function of `PluginsController.php` File (2.2.5 version) · Issue #76 · Cherry-toto/jizhicms

Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Index function in app/admin/c/PluginsController.php.

CVE-2022-31386: [Vuln] SSRF vulnerability in getFileBinary Function · Issue #5 · Fanli2012/nbnbk

A Server-Side Request Forgery (SSRF) in the getFileBinary function of nbnbk cms 3 allows attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the URL parameter.

GHSA-pp3c-cf6j-m3ff: Server-Side Request Forgery in Jodd HTTP

Jodd HTTP v6.0.9 was discovered to contain multiple CRLF injection vulnerabilities via the components `jodd.http.HttpRequest#set` and `jodd.http.HttpRequest#send`. These vulnerabilities allow attackers to execute Server-Side Request Forgery (SSRF) via a crafted TCP payload.

CVE-2022-29631: CRLF injection vulnerability in jodd-http · Issue #9 · oblac/jodd-http

Jodd HTTP v6.0.9 was discovered to contain multiple CRLF injection vulnerabilities via the components `jodd.http.HttpRequest#set` and `jodd.http.HttpRequest#send`. These vulnerabilities allow attackers to execute Server-Side Request Forgery (SSRF) via a crafted TCP payload.

CVE-2022-23712: Security issues

A Denial of Service flaw was discovered in Elasticsearch. Using this vulnerability, an unauthenticated attacker could forcibly shut down an Elasticsearch node with a specifically formatted network request.

GHSA-w689-557m-2cvq: Server-Side Request Forgery in gogs webhook

### Impact

A malicious user is able to discover services in the internal network through the webhook functionality. All installations accepting public traffic are affected.

### Patches

Webhook payload URLs are revalidated before each delivery to make sure they do not resolve to blocked local network addresses. Users should upgrade to 0.12.8 or the latest 0.13.0+dev.

### Workarounds

Run Gogs in its own private network.

### References

https://huntr.dev/bounties/da1fbd6e-7a02-458e-9c2e-6d226c47046d/

### For more information

If you have any questions or comments about this advisory, please post on https://github.com/gogs/gogs/issues/6901.