CVE-2021-25939 in ArangoDB정보

요약

\~에 의해 MITRE • 2022. 02. 09.

In ArangoDB, versions v3.7.0 through v3.9.0-alpha.1 have a feature which allows downloading a Foxx service from a publicly available URL. This feature does not enforce proper filtering of requests performed internally, which can be abused by a highly-privileged attacker to perform blind SSRF and send internal requests to localhost.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

책임이 있는

WhiteSource

예약하다

2021. 01. 22.

모더레이션

수락

항목

VDB-192646

EPSS

0.01129

출처

Do you know our Splunk app?

Download it now for free!