GHSA-4ff6-858j-r822

Опубликовано: 16 янв. 2025

Источник: github

Github: Прошло ревью

CVSS3: 4.3

Описание

Gomatrixserverlib Server-Side Request Forgery (SSRF) on redirects and federation

Impact

Gomatrixserverlib is vulnerable to server-side request forgery, serving content from a private network it can access, under certain conditions.

Patches

c4f1e01eab0dd435709ad15463ed38a079ad6128 fixes this issue.

Workarounds

Use a local firewall to limit the network segments and hosts the service using gomatrixserverlib can access.

References

N/A

Ссылки

Пакеты

Наименование

github.com/matrix-org/gomatrixserverlib

Затронутые версииВерсия исправления

<= 0.0.0-20250106190028-bf86bc98b879

0.0.0-20250116181547-c4f1e01eab0d

EPSS

Процентиль: 32%

0.00121

Низкий

4.3 Medium

CVSS3

CVE ID

CVE-2024-52594

Дефекты

CWE-918

Связанные уязвимости

CVE-2024-52594

CVSS3: 4.3

nvd

около 1 года назад

Gomatrixserverlib is a Go library for matrix federation. Gomatrixserverlib is vulnerable to server-side request forgery, serving content from a private network it can access, under certain conditions. The commit `c4f1e01` fixes this issue. Users are advised to upgrade. Users unable to upgrade should use a local firewall to limit the network segments and hosts the service using gomatrixserverlib can access.

SUSE-SU-2025:0297-1

suse-cvrf

около 1 года назад

Security update for govulncheck-vulndb

EPSS

Процентиль: 32%

0.00121

Низкий

4.3 Medium

CVSS3

CVE ID

CVE-2024-52594

Дефекты

CWE-918