Описание
Gomatrixserverlib is a Go library for matrix federation. Gomatrixserverlib is vulnerable to server-side request forgery, serving content from a private network it can access, under certain conditions. The commit c4f1e01 fixes this issue. Users are advised to upgrade. Users unable to upgrade should use a local firewall to limit the network segments and hosts the service using gomatrixserverlib can access.
EPSS
Процентиль: 32%
0.00121
Низкий
4.3 Medium
CVSS3
Дефекты
CWE-918
Связанные уязвимости
CVSS3: 4.3
github
около 1 года назад
Gomatrixserverlib Server-Side Request Forgery (SSRF) on redirects and federation
EPSS
Процентиль: 32%
0.00121
Низкий
4.3 Medium
CVSS3
Дефекты
CWE-918