Description
A vulnerability was found in Ariadne Component Library up to 2.x. It has been classified as critical. Affected is an unknown function of the file src/url/Url.php. The manipulation leads to server-side request forgery. Upgrading to version 3.0 addresses this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217140.
References
- Patch, Third Party Advisory
- Release Notes, Third Party Advisory
- Third Party Advisory
- Third Party Advisory
Vulnerable configurations
Configuration 1: versions up to 3.0 (excluding)
cpe:2.3:a:ariadne-cms:ariadne_component_library:*:*:*:*:*:*:*:*
EPSS
Percentile: 57%
0.00351 (Low)
CVSS3: 5.5 Medium
CVSS3: 9.8 Critical
CVSS2: 5.2 Medium
Weaknesses
CWE-918
Related vulnerabilities
CVSS3: 9.8
github
about 3 years ago
Ariadne Component Library vulnerable to Server-Side Request Forgery