GHSA-fvx3-g627-phm2
Suggest an improvement- Source
- https://github.com/advisories/GHSA-fvx3-g627-phm2
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/04/GHSA-fvx3-g627-phm2/GHSA-fvx3-g627-phm2.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-fvx3-g627-phm2
- Aliases
- Published
- 2019-04-18T14:27:42Z
- Modified
- 2024-02-16T08:19:16.981144Z
- Severity
-
- 10.0 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS Calculator
- Summary
- Server-Side Request Forgery (SSRF) in com.ctrip.framework.apollo:apollo
- Details
-
An SSRF vulnerability was found in an API from Ctrip Apollo through 1.4.0-SNAPSHOT. An attacker may use it to do an intranet port scan or raise a GET request via
/system-info/healthbecause the%23substring is mishandled. - Database specific
{ "nvd_published_at": null, "cwe_ids": [ "CWE-918" ], "severity": "CRITICAL", "github_reviewed": true, "github_reviewed_at": "2020-06-16T21:35:29Z" }- References
Affected packages
Maven / com.ctrip.framework.apollo:apollo
Package
- Name
- com.ctrip.framework.apollo:apollo
- View open source insights on deps.dev
- Purl
- pkg:maven/com.ctrip.framework.apollo/apollo