Описание
SparkShop <=1.1.7 is vulnerable to server-side request forgery (SSRF). This vulnerability allows attacks to scan ports on the Intranet or local network where the server resides, attack applications running on the Intranet or local network, or read metadata on the cloud server.
Ссылки
- Third Party Advisory
- Product
Уязвимые конфигурации
Конфигурация 1Версия до 1.1.7 (включая)
cpe:2.3:a:sparkshop:sparkshop:*:*:*:*:*:*:*:*
EPSS
Процентиль: 32%
0.00124
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-918
Связанные уязвимости
CVSS3: 6.5
github
больше 1 года назад
SparkShop <=1.1.7 is vulnerable to server-side request forgery (SSRF). This vulnerability allows attacks to scan ports on the Intranet or local network where the server resides, attack applications running on the Intranet or local network, or read metadata on the cloud server.
EPSS
Процентиль: 32%
0.00124
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-918