Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-fwhc-mm9q-mqq8

Опубликовано: 22 мая 2024
Источник: github
Github: Прошло ревью
CVSS3: 9.1

Описание

VuFind Server-Side Request Forgery (SSRF) vulnerability

A Server-Side Request Forgery (SSRF) vulnerability in the /Cover/Show route (showAction in CoverController.php) in Open Library Foundation VuFind 2.4 through 9.1 before 9.1.1 allows remote attackers to access internal HTTP servers and perform Cross-Site Scripting (XSS) attacks by proxying arbitrary URLs via the proxy GET parameter.

Ссылки

Пакеты

Наименование

vufind/vufind

composer
Затронутые версииВерсия исправления

>= 2.4, < 9.1.1

9.1.1

EPSS

Процентиль: 51%
0.0028
Низкий

9.1 Critical

CVSS3

CVE ID

CVE-2024-25737

Дефекты

CWE-79
CWE-918

Связанные уязвимости

nvd логотип

CVE-2024-25737

CVSS3: 5.4
nvd
больше 1 года назад

A Server-Side Request Forgery (SSRF) vulnerability in the /Cover/Show route (showAction in CoverController.php) in Open Library Foundation VuFind 2.4 through 9.1 before 9.1.1 allows remote attackers to access internal HTTP servers and perform Cross-Site Scripting (XSS) attacks by proxying arbitrary URLs via the proxy GET parameter.

EPSS

Процентиль: 51%
0.0028
Низкий

9.1 Critical

CVSS3

CVE ID

CVE-2024-25737

Дефекты

CWE-79
CWE-918