Описание
The Librarian contains an internal port scanning vulnerability, facilitated by the web_fetch tool, which can be used with SSRF-style behavior to perform GET requests to internal IP addresses and services, enabling scanning of the Hertzner cloud environment that TheLibrarian uses. The vendor has fixed the vulnerability in all affected versions.
Ссылки
- Third Party Advisory
- Product
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:thelibrarian:the_librarian:-:*:*:*:*:*:*:*
EPSS
Процентиль: 12%
0.00042
Низкий
7.5 High
CVSS3
Дефекты
CWE-918
Связанные уязвимости
CVSS3: 7.5
github
22 дня назад
The Librarian contains an internal port scanning vulnerability, facilitated by the `web_fetch` tool, which can be used with SSRF-style behavior to perform GET requests to internal IP addresses and services, enabling scanning of the Hertzner cloud environment that TheLibrarian uses. The vendor has fixed the vulnerability in all affected versions.
EPSS
Процентиль: 12%
0.00042
Низкий
7.5 High
CVSS3
Дефекты
CWE-918