exploitDog

CVE-2024-5885

Опубликовано: 27 июн. 2024

Источник: nvd

CVSS3: 8.6

CVSS3: 8.6

EPSS Низкий

Описание

stangirard/quivr version 0.0.236 contains a Server-Side Request Forgery (SSRF) vulnerability. The application does not provide sufficient controls when crawling a website, allowing an attacker to access applications on the local network. This vulnerability could allow a malicious user to gain access to internal servers, the AWS metadata endpoint, and capture Supabase data.

Ссылки

https://huntr.com/bounties/c178bf48-1d4a-4743-87ca-4cc8e475d274
Exploit
Technical Description
https://huntr.com/bounties/c178bf48-1d4a-4743-87ca-4cc8e475d274
Exploit
Technical Description

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:quivr:quivr:0.0.236:*:*:*:*:*:*:*

EPSS

Процентиль: 45%

0.00221

Низкий

8.6 High

CVSS3

8.6 High

CVSS3

Дефекты

CWE-918

Связанные уязвимости

GHSA-x34h-5qgf-76hx

CVSS3: 8.6

github

больше 1 года назад

stangirard/quivr version 0.0.236 contains a Server-Side Request Forgery (SSRF) vulnerability. The application does not provide sufficient controls when crawling a website, allowing an attacker to access applications on the local network. This vulnerability could allow a malicious user to gain access to internal servers, the AWS metadata endpoint, and capture Supabase data.

EPSS

Процентиль: 45%

0.00221

Низкий

8.6 High

CVSS3

8.6 High

CVSS3

Дефекты

CWE-918