GHSA-jhm9-h84h-rw83
Suggest an improvement- Source
- https://github.com/advisories/GHSA-jhm9-h84h-rw83
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-jhm9-h84h-rw83/GHSA-jhm9-h84h-rw83.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-jhm9-h84h-rw83
- Aliases
- Published
- 2022-05-24T17:26:05Z
- Modified
- 2023-12-06T01:00:40.536642Z
- Severity
-
- 5.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N CVSS Calculator
- Summary
- phpBB Server-Side Request Forgery Vulnerability
- Details
-
A vulnerability exists in phpBB <v3.2.10 and <v3.3.1 which allowed remote image dimensions check to be used to SSRF.
- Database specific
{ "nvd_published_at": "2020-08-17T16:15:00Z", "github_reviewed_at": "2023-04-21T21:07:53Z", "severity": "MODERATE", "github_reviewed": true, "cwe_ids": [ "CWE-610", "CWE-918" ] }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2020-8226
- https://github.com/phpbb/phpbb-app/commit/0cfaaafb386d58576d200d56f1acdbcc2f2376e8
- https://github.com/phpbb/phpbb-app/commit/efc0a146bf12125eeb71d00470af774326a7bf0a
- https://github.com/FriendsOfPHP/security-advisories/blob/master/phpbb/phpbb/CVE-2020-8226.yaml
- https://github.com/phpbb/phpbb-app
- https://www.phpbb.com/community/viewtopic.php?f=14&t=2562631
- https://www.phpbb.com/community/viewtopic.php?f=14&t=2562636
Affected packages
Packagist / phpbb/phpbb
Package
- Name
- phpbb/phpbb
- Purl
- pkg:composer/phpbb/phpbb
Packagist / phpbb/phpbb
Package
- Name
- phpbb/phpbb
- Purl
- pkg:composer/phpbb/phpbb