Описание
URL Restriction Bypass in GitHub repository plantuml/plantuml prior to V1.2022.5. An attacker can abuse this to bypass URL restrictions that are imposed by the different security profiles and achieve server side request forgery (SSRF). This allows accessing restricted internal resources/servers or sending requests to third party servers.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needs-triage |
| devel | not-affected | code not present |
| esm-apps/bionic | not-affected | code not present |
| esm-apps/focal | not-affected | code not present |
| esm-apps/jammy | not-affected | code not present |
| esm-apps/noble | not-affected | code not present |
| esm-apps/xenial | not-affected | code not present |
| focal | not-affected | code not present |
| impish | ignored | end of life |
| jammy | not-affected | code not present |
Показывать по
EPSS
6.4 Medium
CVSS2
9.1 Critical
CVSS3
Связанные уязвимости
URL Restriction Bypass in GitHub repository plantuml/plantuml prior to V1.2022.5. An attacker can abuse this to bypass URL restrictions that are imposed by the different security profiles and achieve server side request forgery (SSRF). This allows accessing restricted internal resources/servers or sending requests to third party servers.
URL Restriction Bypass in GitHub repository plantuml/plantuml prior to ...
URL Restriction Bypass in GitHub repository plantuml/plantuml prior to V1.2022.5. An attacker can abuse this to bypass URL restrictions that are imposed by the different security profiles and achieve server side request forgery (SSRF). This allows accessing restricted internal resources/servers or sending requests to third party servers.
EPSS
6.4 Medium
CVSS2
9.1 Critical
CVSS3