GHSA-mcg9-64cp-xwp7

Опубликовано: 05 июл. 2019

Источник: github

Github: Прошло ревью

CVSS3: 9.8

Описание

Server-Side Request Forgery in Hawt Hawtio

Hawt Hawtio through 2.5.0 is vulnerable to SSRF, allowing a remote attacker to trigger an HTTP request from an affected server to an arbitrary host via the initial /proxy/ substring of a URI.

Ссылки

Пакеты

Наименование

io.hawt:hawtio-core

maven

Затронутые версииВерсия исправления

< 2.5.0

2.5.0

EPSS

Процентиль: 74%

0.00825

Низкий

9.8 Critical

CVSS3

CVE ID

CVE-2019-9827

Дефекты

CWE-918

Связанные уязвимости

CVE-2019-9827

CVSS3: 5.5

redhat

больше 6 лет назад

Hawt Hawtio through 2.5.0 is vulnerable to SSRF, allowing a remote attacker to trigger an HTTP request from an affected server to an arbitrary host via the initial /proxy/ substring of a URI.

CVE-2019-9827

CVSS3: 9.8

nvd

больше 6 лет назад

Hawt Hawtio through 2.5.0 is vulnerable to SSRF, allowing a remote attacker to trigger an HTTP request from an affected server to an arbitrary host via the initial /proxy/ substring of a URI.

EPSS

Процентиль: 74%

0.00825

Низкий

9.8 Critical

CVSS3

CVE ID

CVE-2019-9827

Дефекты

CWE-918