GHSA-qr97-v87p-x965

Опубликовано: 31 дек. 2022

Источник: github

Github: Прошло ревью

CVSS3: 9.8

Описание

Ariadne Component Library vulnerable to Server-Side Request Forgery

A vulnerability was found in Ariadne Component Library up to 2.x. It has been classified as critical. Affected is an unknown function of the file src/url/Url.php. The manipulation leads to server-side request forgery. Upgrading to version 3.0 can address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217140.

Ссылки

Пакеты

Наименование

arc/web

composer

Затронутые версииВерсия исправления

< 3.0

3.0

EPSS

Процентиль: 57%

0.00351

Низкий

9.8 Critical

CVSS3

CVE ID

CVE-2017-20157

Дефекты

CWE-918

Связанные уязвимости

CVE-2017-20157

CVSS3: 5.5

nvd

около 3 лет назад

A vulnerability was found in Ariadne Component Library up to 2.x. It has been classified as critical. Affected is an unknown function of the file src/url/Url.php. The manipulation leads to server-side request forgery. Upgrading to version 3.0 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217140.

EPSS

Процентиль: 57%

0.00351

Низкий

9.8 Critical

CVSS3

CVE ID

CVE-2017-20157

Дефекты

CWE-918