Server Side Request Forgery (SSRF) Affecting org.igniterealtime.openfire:xmppserver package, versions [,4.5.0)
Snyk CVSS
Attack Complexity
High
Scope
Changed
Integrity
High
Threat Intelligence
Exploit Maturity
Proof of concept
EPSS
70.89% (99th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-JAVA-ORGIGNITEREALTIMEOPENFIRE-474287
- published 24 Oct 2019
- disclosed 24 Oct 2019
- credit Unknown
Introduced: 24 Oct 2019
CVE-2019-18394 Open this link in a new tabHow to fix?
Upgrade org.igniterealtime.openfire:xmppserver
to version 4.5.0 or higher.
Overview
org.igniterealtime.openfire:xmppserver is an is a XMPP server licensed under the Open Source Apache License.
Affected versions of this package are vulnerable to Server Side Request Forgery (SSRF) in FaviconServlet.java
which allows attackers to send arbitrary HTTP GET requests.