Description
Appsmith v1.7.11 was discovered to allow attackers to execute an authenticated Server-Side Request Forgery (SSRF) via redirecting incoming requests to the AWS internal metadata endpoint.
References
- Issue Tracking, Patch, Third Party Advisory
- Issue Tracking, Patch, Third Party Advisory
Vulnerable configurations
Configuration 1
cpe:2.3:a:appsmith:appsmith:1.7.11:*:*:*:*:*:*:*
EPSS
Percentile: 49%
0.00257
Low
8.8 High
CVSS3
Weaknesses
CWE-918
Related vulnerabilities
CVSS3: 8.8
github
more than 3 years ago
Appsmith v1.7.11 was discovered to allow attackers to execute an authenticated Server-Side Request Forgery (SSRF) via redirecting incoming requests to the AWS internal metadata endpoint.