Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-284f-f2hw-j2gx

Опубликовано: 12 окт. 2021
Источник: github
Github: Прошло ревью
CVSS3: 8.2

Описание

Server-Side Request Forgery vulnerability in concrete5

A Server-Side Request Forgery vulnerability was found in concrete5 < 8.5.5 that allowed a decimal notation encoded IP address to bypass the limitations in place for localhost allowing interaction with local services. Impact can vary depending on services exposed.

Ссылки

Пакеты

Наименование

concrete5/concrete5

composer
Затронутые версииВерсия исправления

< 8.5.5

8.5.5

EPSS

Процентиль: 60%
0.00396
Низкий

8.2 High

CVSS3

CVE ID

CVE-2021-22958

Дефекты

CWE-918

Связанные уязвимости

nvd логотип

CVE-2021-22958

CVSS3: 9.8
nvd
почти 4 года назад

A Server-Side Request Forgery vulnerability was found in concrete5 < 8.5.5 that allowed a decimal notation encoded IP address to bypass the limitations in place for localhost allowing interaction with local services. Impact can vary depending on services exposed.CVSSv2.0 AV:A/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N

EPSS

Процентиль: 60%
0.00396
Низкий

8.2 High

CVSS3

CVE ID

CVE-2021-22958

Дефекты

CWE-918