GHSA-hhxh-qphc-v423

Suggest an improvement
Source
https://github.com/advisories/GHSA-hhxh-qphc-v423
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/09/GHSA-hhxh-qphc-v423/GHSA-hhxh-qphc-v423.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-hhxh-qphc-v423
Aliases
Published
2022-09-25T00:00:15Z
Modified
2024-02-22T05:23:21.999598Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
Nepxion Discovery vulnerable to potential Information Disclosure due to Server-Side Request Forgery
Details

Nepxion Discovery is a solution for Spring Cloud. Discovery is vulnerable to a potential Server-Side Request Forgery (SSRF). RouterResourceImpl uses RestTemplate’s getForEntity to retrieve the contents of a URL containing user-controlled input, potentially resulting in Information Disclosure. There is no patch available for this issue at time of publication. There are no known workarounds.

Database specific
{
    "nvd_published_at": "2022-09-24T05:15:00Z",
    "cwe_ids": [
        "CWE-918"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2022-09-28T03:30:26Z"
}
References

Affected packages

Maven / com.nepxion:discovery

Package

Name
com.nepxion:discovery
View open source insights on deps.dev
Purl
pkg:maven/com.nepxion/discovery

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Last affected
6.16.2

Affected versions

Edgware.*

Edgware.1.0.0

Finchley.*

Finchley.1.0.0

1.*

1.0.0
1.0.1

2.*

2.0.0
2.0.1
2.0.2
2.0.3
2.0.4
2.0.5
2.0.6
2.0.7
2.0.8
2.0.9
2.0.10
2.0.11

3.*

3.0.0
3.0.1
3.1.0
3.2.0
3.2.1
3.2.2
3.3.0
3.3.1
3.3.2
3.3.3
3.3.4
3.3.5
3.3.6
3.3.7
3.3.8
3.3.9
3.3.10
3.3.11
3.3.12
3.3.13
3.3.14
3.3.15
3.3.16
3.3.17
3.3.18
3.3.19
3.3.20
3.3.21
3.3.22
3.3.23
3.3.24
3.3.25
3.3.26
3.3.27
3.3.28
3.3.29
3.3.30
3.3.31
3.4.0
3.4.1
3.4.2
3.4.3
3.4.4
3.4.5
3.4.6
3.4.7
3.4.8
3.4.9
3.5.0
3.5.1
3.5.2
3.5.3
3.5.4
3.5.5
3.5.6
3.5.7
3.5.8
3.5.9
3.6.0
3.6.1
3.6.2
3.6.3
3.6.4
3.6.5
3.6.6
3.6.7
3.6.8
3.6.9
3.6.10
3.6.11
3.6.12
3.6.13
3.6.14
3.6.15
3.6.16
3.6.17
3.6.18
3.6.19
3.6.20
3.7.0
3.7.1
3.7.2
3.7.3
3.7.4
3.7.5
3.7.6
3.7.7
3.7.8
3.7.9
3.7.10
3.7.11
3.7.12
3.8.0-RC1
3.8.0
3.8.1
3.8.2
3.8.2.1
3.8.2.2
3.8.2.3
3.8.2.4
3.8.2.5
3.8.2.6
3.8.3
3.8.4
3.8.4.1
3.8.5
3.8.5.1
3.8.5.2
3.8.6
3.8.6.1
3.8.6.2
3.8.7
3.8.8
3.8.9
3.8.10
3.8.11
3.8.12
3.8.13
3.9.0
3.9.1
3.9.2
3.10.0
3.10.1
3.10.2
3.10.3
3.10.4
3.10.5
3.10.6
3.10.7
3.10.8
3.11.0
3.11.1
3.11.2
3.11.3
3.11.4
3.11.5
3.11.6
3.11.7
3.11.8
3.11.9
3.12.0
3.12.1
3.12.2
3.13.0
3.13.1
3.13.2
3.13.3
3.13.4
3.13.5
3.13.6
3.13.7
3.13.8
3.13.9
3.13.10
3.13.11
3.13.12
3.13.13
3.14.0
3.15.0
3.16.0
3.16.1
3.16.2
3.16.3
3.16.4
3.16.5
3.16.6
3.16.7
3.17.0
3.18.0
3.19.0
3.20.0
3.20.1
3.20.2
3.20.3
3.21.0
3.22.0
3.23.0
3.24.0
3.25.0
3.26.0
3.27.0
3.28.0
3.28.1
3.29.0
3.30.0
3.31.0
3.32.0
3.33.0
3.33.1
3.33.2
3.34.0
3.35.0
3.36.0
3.37.0
3.38.0

4.*

4.0.0
4.0.1
4.0.2
4.0.3
4.0.4
4.0.5
4.0.6
4.0.7
4.0.8
4.0.9
4.1.0
4.1.1
4.1.2
4.1.3
4.1.4
4.1.5
4.1.6
4.1.7
4.1.8
4.1.9
4.2.0
4.2.1
4.2.2
4.2.3
4.2.4
4.2.5
4.2.6
4.2.7
4.2.8
4.2.9
4.3.0
4.3.1
4.3.2
4.3.3
4.3.4
4.3.5
4.3.6
4.3.7
4.3.8
4.3.9
4.3.10
4.3.11
4.3.12
4.3.13
4.3.14
4.3.15
4.3.16
4.3.17
4.3.18
4.3.19
4.3.20
4.7.0
4.7.1
4.7.2
4.7.3
4.7.4
4.7.5
4.7.6
4.7.7
4.7.8
4.7.9
4.7.10
4.7.11
4.7.12
4.8.0-RC1
4.8.0
4.8.1
4.8.2
4.8.2.1
4.8.2.2
4.8.2.3
4.8.2.4
4.8.2.5
4.8.2.6
4.8.3
4.8.4
4.8.4.1
4.8.5
4.8.5.1
4.8.5.2
4.8.6
4.8.6.1
4.8.6.2
4.8.7
4.8.8
4.8.9
4.8.10
4.8.11
4.8.12
4.8.13
4.9.0
4.9.1
4.9.2
4.10.0
4.10.1
4.10.2
4.10.3
4.10.4
4.10.5
4.10.6
4.10.7
4.10.8
4.11.0
4.11.1
4.11.2
4.11.3
4.11.4
4.11.5
4.11.6
4.11.7
4.11.8
4.11.9
4.12.0
4.12.1
4.12.2
4.13.0
4.13.1
4.13.2
4.13.3
4.13.4
4.13.5
4.13.6
4.13.7
4.13.8
4.13.9
4.13.10
4.13.11
4.13.12
4.13.13
4.14.0
4.15.0

5.*

5.0.0
5.0.0.1
5.0.0.2
5.0.1
5.0.2
5.0.3
5.0.4
5.0.5
5.0.6
5.0.7
5.0.8
5.1.0
5.1.1
5.1.2
5.2.0
5.2.1
5.2.2
5.2.3
5.2.4
5.2.5
5.2.6
5.2.7
5.2.8
5.3.0
5.3.1
5.3.2
5.3.3
5.3.4
5.3.5
5.3.6
5.3.7
5.3.8
5.3.9
5.4.0
5.4.1
5.4.2
5.5.0
5.5.1
5.5.2
5.5.3
5.5.4
5.5.5
5.5.6
5.5.7
5.5.8
5.5.9
5.5.10
5.5.11
5.5.12
5.5.13
5.6.0

6.*

6.0.0
6.0.1
6.0.2
6.0.3
6.0.4
6.0.5
6.0.6
6.0.7
6.1.0
6.2.0
6.3.0
6.3.1
6.3.2
6.3.3
6.5.0
6.6.0
6.7.0
6.8.0
6.9.0
6.10.0
6.11.0
6.12.0
6.12.1
6.12.2
6.12.3
6.12.4
6.12.5
6.12.6
6.12.7
6.12.8
6.12.9
6.12.10
6.12.11
6.13.0
6.13.1
6.14.0
6.15.0
6.16.0
6.16.1
6.16.2