CVE-2022-25377
- EPSS 0.14%
- Veröffentlicht 22.02.2024 22:15:47
- Zuletzt bearbeitet 03.04.2025 13:17:44
The ACME-challenge endpoint in Appwrite 0.5.0 through 0.12.x before 0.12.2 allows remote attackers to read arbitrary local files via ../ directory traversal. In order to be vulnerable, APP_STORAGE_CERTIFICATES/.well-known/acme-challenge must exist on...
CVE-2024-1063
- EPSS 0.09%
- Veröffentlicht 30.01.2024 10:15:09
- Zuletzt bearbeitet 21.11.2024 08:49:42
Appwrite <= v1.4.13 is affected by a Server-Side Request Forgery (SSRF) via the '/v1/avatars/favicon' endpoint due to an incomplete fix of CVE-2023-27159.
CVE-2023-27159
- EPSS 84.69%
- Veröffentlicht 31.03.2023 19:15:07
- Zuletzt bearbeitet 18.02.2025 15:15:13
Appwrite up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /v1/avatars/favicon. This vulnerability allows attackers to access network resources and sensitive information via a crafted GET request.
CVE-2022-2925
- EPSS 0.33%
- Veröffentlicht 09.09.2022 06:15:07
- Zuletzt bearbeitet 21.11.2024 07:01:55
Cross-site Scripting (XSS) - Stored in GitHub repository appwrite/appwrite prior to 1.0.0-RC1.
CVE-2021-23682
- EPSS 5.38%
- Veröffentlicht 16.02.2022 17:15:10
- Zuletzt bearbeitet 21.11.2024 05:51:51
This affects the package litespeed.js before 0.3.12; the package appwrite/server-ce from 0.12.0 and before 0.12.2, before 0.11.1. When parsing the query string in the getJsonFromUrl function, the key that is set in the result object is not properly s...