CVE-2024-5885
CVSS V2 None
CVSS V3 None
Description
stangirard/quivr version 0.0.236 contains a Server-Side Request Forgery (SSRF) vulnerability. The application does not provide sufficient controls when crawling a website, allowing an attacker to access applications on the local network. This vulnerability could allow a malicious user to gain access to internal servers, the AWS metadata endpoint, and capture Supabase data.
Overview
- CVE ID
- CVE-2024-5885
- Assigner
- @huntr_ai
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-06-27T18:45:19.519Z
- Last Modified Date
- 2024-06-27T18:45:19.519Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://huntr.com/bounties/c178bf48-1d4a-4743-87ca-4cc8e475d274 |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-5885 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5885 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-06-28 13:09:23 | Added to TrackCVE |