CVE-2022-31196

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-31196
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-31196.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-31196
Aliases
  • GHSA-qvg8-427f-852q
Published
2022-09-02T19:45:13Z
Modified
2025-11-04T20:02:29.213641Z
Severity
  • 7.6 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L
Summary
Server-Side Request Forgery (SSRF) vulnerability in Databasir
Details

Databasir is a database metadata management platform. Databasir <= 1.06 has a Server-Side Request Forgery (SSRF) vulnerability. The SSRF is triggered by sending a single HTTP POST request to create a databaseType. When the supplied jdbcDriverFileUrl returns a non-200 response code, the URL is requested, and the response is logged (both in the terminal and in the database) and included in the response. This would allow an attacker to obtain the real IP address and scan intranet information. This issue was fixed in version 1.0.7.

Database specific
{
    "cwe_ids": [
        "CWE-918"
    ]
}
References

Affected packages

Git / github.com/vran-dev/databasir

Affected ranges

Type
GIT
Repo
https://github.com/vran-dev/databasir
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

v1.*

v1.0.0
v1.0.0-beta
v1.0.1
v1.0.2
v1.0.3
v1.0.4
v1.0.5
v1.0.6

Database specific

vanir_signatures

[
    {
        "signature_version": "v1",
        "deprecated": false,
        "id": "CVE-2022-31196-7ef0da64",
        "digest": {
            "threshold": 0.9
        },
        "source": "https://github.com/vran-dev/databasir/commit/226c20e0c9124037671a91d6b3e5083bd2462058",
        "signature_type": "Line",
        "target": {
            "file": "core/src/main/java/com/databasir/core/infrastructure/driver/DriverResources.java"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "id": "CVE-2022-31196-e885f521",
        "digest": {
            "function_hash": "112008038164051558108531902475494539856",
            "length": 1462.0
        },
        "source": "https://github.com/vran-dev/databasir/commit/226c20e0c9124037671a91d6b3e5083bd2462058",
        "signature_type": "Function",
        "target": {
            "function": "download",
            "file": "core/src/main/java/com/databasir/core/infrastructure/driver/DriverResources.java"
        }
    }
]