CVE-2019-9827

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2019-9827

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-9827.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-9827

Aliases

GHSA-mcg9-64cp-xwp7

Published

2019-07-03T21:15:10.670Z

Modified

2026-04-10T04:20:59.404224Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Hawt Hawtio through 2.5.0 is vulnerable to SSRF, allowing a remote attacker to trigger an HTTP request from an affected server to an arbitrary host via the initial /proxy/ substring of a URI.

References

https://www.ciphertechs.com/hawtio-advisory/

Affected packages

Git / github.com/hawtio/hawtio

Affected ranges

Type

GIT

Repo

https://github.com/hawtio/hawtio

Events

Introduced

Last affected

0429a355545cf2325a8f88f6908388318290067c

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.5.0"
        }
    ]
}

Affected versions

hawtio-1.*

hawtio-1.0

hawtio-1.1-SNAPSHOT

hawtio-1.2-M10

hawtio-1.2-M11

hawtio-1.2-M12

hawtio-1.2-M13

hawtio-1.2-M14

hawtio-1.2-M15

hawtio-1.2-M16

hawtio-1.2-M17

hawtio-1.2-M18

hawtio-1.2-M19

hawtio-1.2-M2

hawtio-1.2-M20

hawtio-1.2-M21

hawtio-1.2-M22

hawtio-1.2-M23

hawtio-1.2-M24

hawtio-1.2-M25

hawtio-1.2-M26

hawtio-1.2-M3

hawtio-1.2-M4

hawtio-1.2-M5

hawtio-1.2-M6

hawtio-1.2-M7

hawtio-1.2-M8

hawtio-1.2-M9

hawtio-1.2-SNAPSHOT

hawtio-1.2.0

hawtio-1.2.1

hawtio-1.2.2

hawtio-1.2.3

hawtio-1.3.0

hawtio-1.3.1

hawtio-1.4.0

hawtio-1.4.1

hawtio-1.4.10

hawtio-1.4.11

hawtio-1.4.12

hawtio-1.4.14

hawtio-1.4.15

hawtio-1.4.16

hawtio-1.4.17

hawtio-1.4.18

hawtio-1.4.19

hawtio-1.4.2

hawtio-1.4.20

hawtio-1.4.21

hawtio-1.4.22

hawtio-1.4.23

hawtio-1.4.24

hawtio-1.4.25

hawtio-1.4.26

hawtio-1.4.27

hawtio-1.4.28

hawtio-1.4.29

hawtio-1.4.3

hawtio-1.4.30

hawtio-1.4.31

hawtio-1.4.32

hawtio-1.4.33

hawtio-1.4.34

hawtio-1.4.35

hawtio-1.4.36

hawtio-1.4.37

hawtio-1.4.38

hawtio-1.4.39

hawtio-1.4.4

hawtio-1.4.40

hawtio-1.4.41

hawtio-1.4.42

hawtio-1.4.43

hawtio-1.4.44

hawtio-1.4.45

hawtio-1.4.46

hawtio-1.4.47

hawtio-1.4.48

hawtio-1.4.49

hawtio-1.4.5

hawtio-1.4.50

hawtio-1.4.51

hawtio-1.4.52

hawtio-1.4.53

hawtio-1.4.54

hawtio-1.4.55

hawtio-1.4.56

hawtio-1.4.57

hawtio-1.4.58

hawtio-1.4.59

hawtio-1.4.6

hawtio-1.4.60

hawtio-1.4.7

hawtio-1.4.8

hawtio-1.4.9

hawtio-2.*

hawtio-2.0-M1

hawtio-2.0-M2

hawtio-2.0-M3

hawtio-2.0-beta-1

hawtio-2.0-beta-2

hawtio-2.0.1

hawtio-2.0.2

hawtio-2.1.0

hawtio-2.2.0

hawtio-2.3.0

hawtio-2.4.0

hawtio-2.5.0

project-2.*

project-2.0.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-9827.json"