Server-Side Request Forgery (SSRF) Affecting wandb package, versions [0,]
Threat Intelligence
Exploit Maturity
Proof of concept
EPSS
0.04% (9th percentile)
- Snyk ID SNYK-PYTHON-WANDB-6860240
- published 16 May 2024
- disclosed 16 May 2024
- credit hiu240900
Introduced: 16 May 2024
CVE-2024-4642
How to fix?
There is no fixed version for wandb.
Overview
wandb is a CLI and library for interacting with the Weights and Biases API.
Affected versions of this package are vulnerable to Server-Side Request Forgery (SSRF) due to improper handling of HTTP 302 redirects. An attacker can access internal HTTP(s) servers by exploiting this vulnerability through the 'User settings -> Webhooks' function.
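The redirect problem described above has a general mitigation on the sending side: do not let the HTTP client follow redirects on its own, and validate every hop before requesting it. The following is an added example, not code from wandb or from this advisory; the names `check_target`, `deliver`, `BlockedTarget`, the injected `fetch` and `resolver` callables, and the hop budget are assumptions, and the DNS table and responses are constructed sample data.

```python
import ipaddress
import socket
from urllib.parse import urljoin, urlsplit

MAX_REDIRECTS = 3  # assumption: hop budget for one webhook delivery
REDIRECTS = (301, 302, 303, 307, 308)


class BlockedTarget(Exception):
    """A webhook URL or redirect hop points somewhere delivery must not go."""


def system_resolver(host):
    # Collect every A/AAAA answer: one internal record is enough to reject.
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def check_target(url, resolver=system_resolver):
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise BlockedTarget(f"unsupported URL: {url}")
    for addr in resolver(parts.hostname):
        if not ipaddress.ip_address(addr).is_global:
            raise BlockedTarget(f"{parts.hostname} resolves to non-public {addr}")


def deliver(url, fetch, resolver=system_resolver):
    """Send to url. fetch(url) -> (status, headers) must not follow redirects."""
    for _ in range(MAX_REDIRECTS + 1):
        check_target(url, resolver)  # re-validated on every hop, not just the first
        status, headers = fetch(url)
        if status not in REDIRECTS:
            return status, url
        if "Location" not in headers:
            raise BlockedTarget("redirect without Location header")
        url = urljoin(url, headers["Location"])
    raise BlockedTarget("too many redirects")


# Constructed sample data: a fake DNS table and fake HTTP responses (no network).
FAKE_DNS = {"hooks.example.test": {"93.184.216.34"},
            "cdn.example.test": {"93.184.216.34"},
            "intranet.example.test": {"10.0.0.5"}}
FAKE_HTTP = {"https://hooks.example.test/ok": (302, {"Location": "https://cdn.example.test/in"}),
             "https://cdn.example.test/in": (200, {}),
             "https://hooks.example.test/bounce": (302, {"Location": "http://intranet.example.test/"})}

def demo(url):
    return deliver(url, FAKE_HTTP.__getitem__, FAKE_DNS.__getitem__)
```

The check and the later connection resolve the hostname separately, so a production sender should also connect to the address that was validated rather than resolving again.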
References
CVSS Scores
version 3.1