Summary
@budibase/backend-core has potential SSRF DNS rebinding bypass in outbound fetch validation
References
Related vulnerabilities
- HIGH GHSA-4Q6H-8P4V-67VQ
Budibase: SSRF via OAuth2 token endpoint URL reaches internal hosts and cloud metadata
- MEDIUM GHSA-C4V7-XG93-QF8G
Gogs has SSRF in webhook deliveries
- MEDIUM GHSA-7WWH-XCC3-9FCG
Paymenter has Blind Unauthenticated SSRF on the Paypal gateway module
- MEDIUM GHSA-C556-Q2MH-477V
OpenAM Authenticated Server-Side Request Forgery (SSRF) via `/sessionservice`
- HIGH GHSA-FFM6-VVPH-G5F5
OpenCTI has Semi-Blind SSRF via Unvalidated External URL in Data Ingestion Feature
- MEDIUM GHSA-H5RG-8P7F-47G2
SurrealDB: SSRF via JWKS URL — Redirect Following in JWT Key Fetch