Описание
I, Librarian version 4.8 and earlier contains a SSRF vulnerability in "url" parameter of getFromWeb in functions.php that can result in the attacker abusing functionality on the server to read or update internal resources.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| i-librarian | itp | package |
Примечания
https://github.com/mkucej/i-librarian/issues/120
EPSS
Процентиль: 44%
0.00212
Низкий
Связанные уязвимости
CVSS3: 9.1
nvd
почти 8 лет назад
I, Librarian version 4.8 and earlier contains a SSRF vulnerability in "url" parameter of getFromWeb in functions.php that can result in the attacker abusing functionality on the server to read or update internal resources.
CVSS3: 9.1
github
больше 3 лет назад
I, Librarian version 4.8 and earlier contains a SSRF vulnerability in "url" parameter of getFromWeb in functions.php that can result in the attacker abusing functionality on the server to read or update internal resources.
EPSS
Процентиль: 44%
0.00212
Низкий