Disclosure Date 2021/08/31
CVE-2021-32407
Server-Side Request Forgery (SSRF) vulnerability in Kallithea
Credit
stypr (@stereotype32)
Affected-Versions
Kallithea: v0.6.2 and earlier
CWE
CWE-93
Description
A Server-Side Request Forgery (SSRF) vulnerability in Kallithea, present from v0.1 up to v0.6.2 and fixed in v0.6.3, allows a remote authenticated attacker to execute a 'git clone' with a crafted URL, and through it to send arbitrary packets into the local network accessible from the server.