CVE-2025-1447

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-1447

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-1447.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-1447

Published

2025-02-19T01:15:09.407Z

Modified

2026-04-02T12:32:36.741876Z

Severity

5.3 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVSS Calculator

Summary

[none]

Details

A vulnerability was found in kasuganosoras Pigeon 1.0.177. It has been declared as critical. This vulnerability affects unknown code of the file /pigeon/imgproxy/index.php. The manipulation of the argument url leads to server-side request forgery. The attack can be initiated remotely. Upgrading to version 1.0.181 is able to address this issue. The patch is identified as 84cea5fe73141689da2e7ec8676d47435bd6423e. It is recommended to upgrade the affected component.

References

Affected packages

Git / github.com/kasuganosoras/pigeon

Affected ranges

Type: GIT
Repo: https://github.com/kasuganosoras/pigeon
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

84cea5fe73141689da2e7ec8676d47435bd6423e

Type: GIT
Repo: https://github.com/kasuganosoras/pigeon
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

731ce49449e17a5879e3336b93aa982c42745bde

Affected versions

1.*

1.0.150

1.0.155

1.0.156

1.0.160

1.0.162

1.0.168

1.0.172

1.0.175

1.0.175.1

1.0.175.2

1.0.175.3

1.0.177

1.0.181

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-1447.json"