CVE-2023-3432

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-3432

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-3432.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-3432

Aliases

GHSA-ff3m-68vj-h86p

Downstream

DEBIAN-CVE-2023-3432

Related

UBUNTU-CVE-2023-3432

Published

2023-06-27T14:30:23.442Z

Modified

2025-12-04T23:53:19.889454Z

Severity

7.2 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N CVSS Calculator

Summary

Server-Side Request Forgery (SSRF) in plantuml/plantuml

Details

Server-Side Request Forgery (SSRF) in GitHub repository plantuml/plantuml prior to 1.2023.9.

Database specific

{
    "cwe_ids": [
        "CWE-918"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/3xxx/CVE-2023-3432.json",
    "cna_assigner": "@huntrdev"
}

References

Affected packages

Git / github.com/plantuml/plantuml

Affected ranges

Type: GIT
Repo: https://github.com/plantuml/plantuml
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

74574c4f57d8d56b0e740b64e3d005ed071b2da2

Affected versions

v1.*

v1.2017.12

v1.2017.13

v1.2017.14

v1.2017.15

v1.2017.17

v1.2017.18

v1.2017.19

v1.2017.20

v1.2018.0

v1.2018.1

v1.2018.10

v1.2018.11

v1.2018.12

v1.2018.13

v1.2018.14

v1.2018.2

v1.2018.3

v1.2018.4

v1.2018.5

v1.2018.6

v1.2018.7

v1.2018.8

v1.2018.9

v1.2019.0

v1.2019.1

v1.2019.10

v1.2019.11

v1.2019.12

v1.2019.13

v1.2019.2

v1.2019.4

v1.2019.5

v1.2019.6

v1.2019.7

v1.2019.8

v1.2019.9

v1.2020.0

v1.2020.1

v1.2020.10

v1.2020.11

v1.2020.12

v1.2020.13

v1.2020.14

v1.2020.15

v1.2020.16

v1.2020.17

v1.2020.18

v1.2020.19

v1.2020.2

v1.2020.20

v1.2020.21

v1.2020.22

v1.2020.23

v1.2020.24

v1.2020.26

v1.2020.3

v1.2020.4

v1.2020.6

v1.2020.7

v1.2020.8

v1.2020.9

v1.2021.0

v1.2021.1

v1.2021.10

v1.2021.12

v1.2021.13

v1.2021.14

v1.2021.15

v1.2021.16

v1.2021.2

v1.2021.3

v1.2021.4

v1.2021.5

v1.2021.6

v1.2021.7

v1.2021.8

v1.2021.9

v1.2022.0

v1.2022.1

v1.2022.10

v1.2022.11

v1.2022.12

v1.2022.13

v1.2022.14

v1.2022.2

v1.2022.3

v1.2022.4

v1.2022.5

v1.2022.6

v1.2022.7

v1.2022.8

v1.2022.9

v1.2023.0

v1.2023.1

v1.2023.2

v1.2023.3

v1.2023.4

v1.2023.5

v1.2023.6

v1.2023.7

v1.2023.8

v2017.*

v2017.08

v2017.09

v2017.11

Other

v8059

Database specific

vanir_signatures

[
    {
        "signature_version": "v1",
        "signature_type": "Function",
        "id": "CVE-2023-3432-61a93759",
        "digest": {
            "length": 46.0,
            "function_hash": "298906704308918028270331362808751815864"
        },
        "source": "https://github.com/plantuml/plantuml/commit/74574c4f57d8d56b0e740b64e3d005ed071b2da2",
        "target": {
            "file": "src/net/sourceforge/plantuml/version/Version.java",
            "function": "compileTime"
        },
        "deprecated": false
    },
    {
        "signature_version": "v1",
        "signature_type": "Line",
        "id": "CVE-2023-3432-e20c112d",
        "digest": {
            "line_hashes": [
                "146867373125416096968169019915169602019",
                "320494320065182875017058654916922282389",
                "324161394208363568244320877044827652010",
                "34278620398819972444563889680577394316",
                "90120288795734310982317362690670181298",
                "280230260526823074946512142599682136304",
                "91068408516048719293487979281481862466",
                "258655926181888410938968616109502645971"
            ],
            "threshold": 0.9
        },
        "source": "https://github.com/plantuml/plantuml/commit/74574c4f57d8d56b0e740b64e3d005ed071b2da2",
        "target": {
            "file": "src/net/sourceforge/plantuml/version/Version.java"
        },
        "deprecated": false
    }
]

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-3432.json"