exploitDog

CVE-2022-27311

Опубликовано: 25 апр. 2022

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

Gibbon v3.4.4 and below allows attackers to execute a Server-Side Request Forgery (SSRF) via a crafted URL.

Ссылки

https://github.com/amro/gibbon/commit/b2eb99ed304d7491a6d348a5bbdc83a008fc6e0b
Patch
Third Party Advisory
https://github.com/amro/gibbon/commit/cade20ca2438cd1b182dad70cbb77fb895779d10
Patch
Third Party Advisory
https://github.com/amro/gibbon/pull/321
Issue Tracking
Patch
Third Party Advisory
https://github.com/amro/gibbon/commit/b2eb99ed304d7491a6d348a5bbdc83a008fc6e0b
Patch
Third Party Advisory
https://github.com/amro/gibbon/commit/cade20ca2438cd1b182dad70cbb77fb895779d10
Patch
Third Party Advisory
https://github.com/amro/gibbon/pull/321
Issue Tracking
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:gibbon_project:gibbon:*:*:*:*:*:ruby:*:*

Версия до 3.4.4 (исключая)

EPSS

Процентиль: 50%

0.00271

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-918

Связанные уязвимости

GHSA-vx9g-377x-xwxq

CVSS3: 9.8

github

почти 4 года назад

Server side request forgery in gibbon

EPSS

Процентиль: 50%

0.00271

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-918