exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 4

CVE-2021-25939

около 4 лет назад

In ArangoDB, versions v3.7.0 through v3.9.0-alpha.1 have a feature which allows downloading a Foxx service from a publicly available URL. This feature does not enforce proper filtering of requests performed internally, which can be abused by a highly-privileged attacker to perform blind SSRF and send internal requests to localhost.

CVSS3: 2.7

EPSS: Низкий

CVE-2021-25939

почти 4 года назад

In ArangoDB, versions v3.7.0 through v3.9.0-alpha.1 have a feature which allows downloading a Foxx service from a publicly available URL. This feature does not enforce proper filtering of requests performed internally, which can be abused by a highly-privileged attacker to perform blind SSRF and send internal requests to localhost.

CVSS3: 2.7

EPSS: Низкий

CVE-2021-25939

почти 4 года назад

In ArangoDB, versions v3.7.0 through v3.9.0-alpha.1 have a feature whi ...

CVSS3: 2.7

EPSS: Низкий

GHSA-vw3j-xfjf-6rj3

почти 4 года назад

In ArangoDB, versions v3.7.0 through v3.9.0-alpha.1 have a feature which allows downloading a Foxx service from a publicly available URL. This feature does not enforce proper filtering of requests performed internally, which can be abused by a highly-privileged attacker to perform blind SSRF and send internal requests to localhost.

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
CVE-2021-25939 In ArangoDB, versions v3.7.0 through v3.9.0-alpha.1 have a feature which allows downloading a Foxx service from a publicly available URL. This feature does not enforce proper filtering of requests performed internally, which can be abused by a highly-privileged attacker to perform blind SSRF and send internal requests to localhost.	CVSS3: 2.7	0% Низкий	около 4 лет назад
CVE-2021-25939 In ArangoDB, versions v3.7.0 through v3.9.0-alpha.1 have a feature which allows downloading a Foxx service from a publicly available URL. This feature does not enforce proper filtering of requests performed internally, which can be abused by a highly-privileged attacker to perform blind SSRF and send internal requests to localhost.	CVSS3: 2.7	0% Низкий	почти 4 года назад
CVE-2021-25939 In ArangoDB, versions v3.7.0 through v3.9.0-alpha.1 have a feature whi ...	CVSS3: 2.7	0% Низкий	почти 4 года назад
GHSA-vw3j-xfjf-6rj3 In ArangoDB, versions v3.7.0 through v3.9.0-alpha.1 have a feature which allows downloading a Foxx service from a publicly available URL. This feature does not enforce proper filtering of requests performed internally, which can be abused by a highly-privileged attacker to perform blind SSRF and send internal requests to localhost.		0% Низкий	почти 4 года назад

Уязвимостей на страницу