admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 17:21:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2024/CVE-2024-378xx/CVE-2024-37818.json
cad-safe-bot 601e2757d3 Auto-Update: 2024-10-04T20:00:17.112039+00:00
2024-10-04 20:03:16 +00:00

71 lines
2.4 KiB
JSON
Raw Blame History

{
"id": "CVE-2024-37818",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-20T19:15:50.260",
"lastModified": "2024-10-04T19:15:16.273",
"vulnStatus": "Awaiting Analysis",
"cveTags": [
{
"sourceIdentifier": "cve@mitre.org",
"tags": [
"disputed"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Strapi v4.24.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /strapi.io/_next/image. This vulnerability allows attackers to scan for open ports or access sensitive information via a crafted GET request. NOTE: The Strapi Development Community argues that this issue is not valid. They contend that \"the strapi/admin was wrongly attributed a flaw that only pertains to the strapi.io website, and which, at the end of the day, does not pose any real SSRF risk to applications that make use of the Strapi library.\""
},
{
"lang": "es",
"value": "Se descubri\u00f3 que Strapi v4.24.4 conten\u00eda Server-Side Request Forgeryr (SSRF) a trav\u00e9s del componente /strapi.io/_next/image. Esta vulnerabilidad permite a los atacantes escanear en busca de puertos abiertos o acceder a informaci\u00f3n confidencial mediante una solicitud GET manipulada."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"references": [
{
"url": "https://medium.com/%40barkadevaibhav491/server-side-request-forgery-in-strapi-e02d5fe218ab",
"source": "cve@mitre.org"
},
{
"url": "https://strapi.io/",
"source": "cve@mitre.org"
}
]
}
Reference in New Issue View Git Blame Copy Permalink