Server-Side Request Forgery (SSRF) Affecting org.apache.hugegraph:hubble-be package, versions [,1.3.0)
Snyk CVSS
Attack Complexity: Low
Scope: Changed
Threat Intelligence
EPSS: 0.04% (9th percentile)
- Snyk ID SNYK-JAVA-ORGAPACHEHUGEGRAPH-6672140
- published 23 Apr 2024
- disclosed 22 Apr 2024
- credit 6right
Introduced: 22 Apr 2024
CVE-2024-27347
How to fix?
Upgrade org.apache.hugegraph:hubble-be to version 1.3.0 or higher.
Overview
Affected versions of this package are vulnerable to Server-Side Request Forgery (SSRF) due to improper validation of user-supplied URLs in the Hubble connection page. An attacker can send crafted requests that cause the server to make arbitrary requests to internal or external resources, potentially leading to sensitive information disclosure or unauthorized actions.
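The mitigation side of the issue described above, as an added example that is not hubble-be's own code: before a connection page lets the backend open a user-supplied server URL, it checks the scheme, refuses embedded credentials, matches host and port against an operator allowlist of graph servers, and then checks what the allowlisted name actually resolves to, so a name that points at the Hubble host itself or a link-local range is still refused. The allowlist entries, hostnames and function names are assumptions for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Constructed operator allowlist of (host, port) pairs the connection page may reach.
# hubble-be's real configuration keys are not on the page and are not assumed here.
ALLOWED_TARGETS = {("graph.internal.example", 8080), ("graph.internal.example", 8443)}
ALLOWED_SCHEMES = {"http", "https"}

def resolve(host):
    """All addresses a hostname resolves to; injectable so the check can run offline."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}

def is_forbidden_address(addr):
    """Addresses never reachable even for an allowlisted name: the Hubble host itself
    (loopback), link-local ranges (cloud metadata services live there) and unspecified."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # ::ffff:127.0.0.1 must be judged as 127.0.0.1
    return ip.is_loopback or ip.is_link_local or ip.is_unspecified

def validate_connection_url(url, resolver=resolve):
    """Return (ok, reason) for a user-supplied server URL before the backend connects."""
    try:
        parts = urlsplit(url)
        host, port = parts.hostname, parts.port  # .port raises ValueError on junk
    except ValueError:
        return False, "malformed URL"
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, "scheme not allowed"
    if not host:
        return False, "missing host"
    if parts.username or parts.password:
        return False, "credentials in URL not allowed"
    if port is None:
        port = 443 if parts.scheme == "https" else 80
    if (host, port) not in ALLOWED_TARGETS:
        return False, "target not on allowlist"
    try:
        addrs = resolver(host)
    except OSError:
        return False, "host does not resolve"
    # Check every resolved address: a name that rebinds to loopback or link-local
    # between validation and connection would otherwise slip through the allowlist.
    if not addrs or any(is_forbidden_address(a) for a in addrs):
        return False, "host resolves to a forbidden address"
    return True, "ok"
```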