CVE-2023-25230

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-25230

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-25230.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-25230

Published

2023-03-07T17:15:12.757Z

Modified

2026-04-10T04:56:33.228799Z

Severity

4.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

A Server-Side Request Forgery (SSRF) in loonflow r2.0.14 allows attackers to force the application to make arbitrary requests via manipulation of the hook_url parameter.

References

https://github.com/blackholll/loonflow/issues/402

Affected packages

Git / github.com/blackholll/loonflow

Affected ranges

Type

GIT

Repo

https://github.com/blackholll/loonflow

Events

Introduced

Last affected

c3f022e599dfe198c2927ec5470bd4417ae6e44c

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "r2.0.14"
        }
    ]
}

Affected versions

r0.*

r0.3.10

r0.3.11

r0.3.12

r0.3.13

r0.3.14

r0.3.15

r0.3.16

r0.3.17

r0.3.18

r0.3.19

r0.3.20

r0.3.21

r0.3.22

r0.3.23

r0.3.8

r0.3.9

r1.*

r1.0.0

r1.0.0beta

r1.0.1

r1.0.2

r1.0.3

r1.0.4

r2.*

r2.0.0

r2.0.1

r2.0.10

r2.0.12

r2.0.13

r2.0.14

r2.0.2

r2.0.3

r2.0.4

r2.0.5

r2.0.6

r2.0.7

r2.0.8

r2.0.9

v0.*

v0.1.0

v0.2.0

v0.2.1

v0.2.2

v0.2.3

v0.3.0

v0.3.0rc

v0.3.1

v0.3.2

v0.3.3

v0.3.4

v0.3.5

v0.3.6

v0.3.7

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-25230.json"