CVE-2024-31979

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-31979

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-31979.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-31979

Aliases

GHSA-9gr7-gh74-qg9x

Published

2024-07-17T09:15:02Z

Modified

2024-10-08T04:10:24.511653Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N CVSS Calculator

Summary

[none]

Details

Server-Side Request Forgery (SSRF) vulnerability in Apache StreamPipes during installation process of pipeline elements. Previously, StreamPipes allowed users to configure custom endpoints from which to install additional pipeline elements. These endpoints were not properly validated, allowing an attacker to get StreamPipes to send an HTTP GET request to an arbitrary address. This issue affects Apache StreamPipes: through 0.93.0.

Users are recommended to upgrade to version 0.95.0, which fixes the issue.

References

https://lists.apache.org/thread/8lryp3bxnby9kmk13odkz2jbfdjfvf0y

Affected packages

Git / github.com/apache/streampipes

Affected ranges

Type: GIT
Repo: https://github.com/apache/streampipes
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

30cbd0bee6afb63e9378b76e46b89790dc6e5e32

Affected versions

0.*

0.60.0

0.60.1

0.61.0

0.62.0

0.63.0

0.64.0

0.65.0

release/0.*

release/0.66.0

version-0.*

version-0.55.1

version-0.55.2