PYSEC-2024-174

Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/streampipes/PYSEC-2024-174.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2024-174
Aliases
Published
2024-07-17T09:15:02Z
Modified
2025-01-18T22:56:59.007500Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Summary
[none]
Details

Server-Side Request Forgery (SSRF) vulnerability in Apache StreamPipes during the installation process of pipeline elements. Previously, StreamPipes allowed users to configure custom endpoints from which to install additional pipeline elements. These endpoints were not properly validated, allowing an attacker to get StreamPipes to send an HTTP GET request to an arbitrary address. This issue affects Apache StreamPipes: through 0.93.0.

Users are recommended to upgrade to version 0.95.0, which fixes the issue.

References

Affected packages

PyPI / streampipes

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.95.0

Affected versions

0.*

0.0.2.dev0
0.91.0
0.92.0
0.93.0