9.8
CVE-2017-20157
- EPSS 0.66%
- Veröffentlicht 31.12.2022 10:15:13
- Zuletzt bearbeitet 21.11.2024 03:22:46
- Quelle cna@vuldb.com
- CVE-Watchlists
- Unerledigt
LoginAriadne Component Library Url.php server-side request forgery
A vulnerability was found in Ariadne Component Library up to 2.x. It has been classified as critical. Affected is an unknown function of the file src/url/Url.php. The manipulation leads to server-side request forgery. Upgrading to version 3.0 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217140.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ariadne-cms ≫ Ariadne Component Library Version < 3.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.66% | 0.468 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| cna@vuldb.com | 5.5 | 2.1 | 3.4 |
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
|
| cna@vuldb.com | 5.2 | 5.1 | 6.4 |
AV:A/AC:L/Au:S/C:P/I:P/A:P
|
CWE-918 Server-Side Request Forgery (SSRF)
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
https://github.com/Ariadne-CMS/arc-web/commit/1feb1cc11e6c9f218408f15f53f537ea0d788656
https://github.com/Ariadne-CMS/arc-web/releases/tag/3.0
https://vuldb.com/?ctiid.217140
https://vuldb.com/?id.217140