Описание
WordPress before 4.5 does not consider octal and hexadecimal IP address formats when determining an intranet address, which allows remote attackers to bypass an intended SSRF protection mechanism via a crafted address.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | ignored | end of life |
| bionic | not-affected | 4.5+dfsg-1 |
| cosmic | not-affected | 4.5+dfsg-1 |
| devel | not-affected | 4.5+dfsg-1 |
| disco | not-affected | 4.5+dfsg-1 |
| eoan | not-affected | 4.5+dfsg-1 |
| esm-apps/bionic | not-affected | 4.5+dfsg-1 |
| esm-apps/focal | not-affected | 4.5+dfsg-1 |
| esm-apps/jammy | not-affected | 4.5+dfsg-1 |
| esm-apps/noble | not-affected | 4.5+dfsg-1 |
Показывать по
EPSS
5 Medium
CVSS2
8.6 High
CVSS3
Связанные уязвимости
WordPress before 4.5 does not consider octal and hexadecimal IP address formats when determining an intranet address, which allows remote attackers to bypass an intended SSRF protection mechanism via a crafted address.
WordPress before 4.5 does not consider octal and hexadecimal IP addres ...
WordPress before 4.5 does not consider octal and hexadecimal IP address formats when determining an intranet address, which allows remote attackers to bypass an intended SSRF protection mechanism via a crafted address.
EPSS
5 Medium
CVSS2
8.6 High
CVSS3