GHSA-ff3m-68vj-h86p
Suggest an improvement- Source
- https://github.com/advisories/GHSA-ff3m-68vj-h86p
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/06/GHSA-ff3m-68vj-h86p/GHSA-ff3m-68vj-h86p.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-ff3m-68vj-h86p
- Aliases
- Published
- 2023-06-27T15:30:29Z
- Modified
- 2024-02-20T05:27:29.979229Z
- Severity
-
- 7.2 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- PlantUML Server-Side Request Forgery vulnerability
- Details
-
Server-Side Request Forgery (SSRF) in GitHub repository plantuml/plantuml prior to 1.2023.9.
- Database specific
{ "nvd_published_at": "2023-06-27T15:15:11Z", "severity": "HIGH", "github_reviewed": true, "cwe_ids": [ "CWE-918" ], "github_reviewed_at": "2023-06-27T17:15:16Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2023-3432
- https://github.com/plantuml/plantuml/commit/b32500bb61ae617bb312496d6d832e4be8190797
- https://github.com/plantuml/plantuml
- https://huntr.dev/bounties/8ac3316f-431c-468d-87e4-3dafff2ecf51
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FV7XL3CY3K3K5ER3ASMEQA546MIQQ7QM
Affected packages
Maven / net.sourceforge.plantuml:plantuml-mit
Package
- Name
- net.sourceforge.plantuml:plantuml-mit
- View open source insights on deps.dev
- Purl
- pkg:maven/net.sourceforge.plantuml/plantuml-mit
Maven / net.sourceforge.plantuml:plantuml
Package
- Name
- net.sourceforge.plantuml:plantuml
- View open source insights on deps.dev
- Purl
- pkg:maven/net.sourceforge.plantuml/plantuml
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.2023.9
Affected versions
1.*
1.2017.12
1.2017.13
1.2017.14
1.2017.15
1.2017.16
1.2017.18
1.2017.19
1.2017.20
1.2018.0
1.2018.1
1.2018.2
1.2018.3
1.2018.4
1.2018.5
1.2018.6
1.2018.7
1.2018.8
1.2018.9
1.2018.10
1.2018.11
1.2018.12
1.2018.13
1.2018.14
1.2019.0
1.2019.1
1.2019.2
1.2019.3
1.2019.4
1.2019.5
1.2019.6
1.2019.7
1.2019.8
1.2019.9
1.2019.10
1.2019.11
1.2019.12
1.2019.13
1.2020.0
1.2020.1
1.2020.2
1.2020.3
1.2020.4
1.2020.6
1.2020.7
1.2020.8
1.2020.9
1.2020.10
1.2020.11
1.2020.12
1.2020.13
1.2020.14
1.2020.15
1.2020.16
1.2020.17
1.2020.18
1.2020.19
1.2020.20
1.2020.21
1.2020.22
1.2020.23
1.2020.24
1.2020.25
1.2020.26
1.2021.0
1.2021.1
1.2021.2
1.2021.3
1.2021.4
1.2021.5
1.2021.6
1.2021.7
1.2021.8
1.2021.9
1.2021.10
1.2021.12
1.2021.13
1.2021.14
1.2021.15
1.2021.16
1.2022.0
1.2022.1
1.2022.2
1.2022.3
1.2022.4
1.2022.5
1.2022.6
1.2022.7
1.2022.8
1.2022.12
1.2022.13
1.2022.14
1.2023.0
1.2023.1
1.2023.2
1.2023.4
1.2023.5
1.2023.6
1.2023.7
1.2023.8