Vulnerabilities > CVE-2017-20157 - Server-Side Request Forgery (SSRF) vulnerability in Ariadne-Cms Ariadne Component Library

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

ariadne-cms

CWE-918

critical

NVD

Published: 2022-12-31

Updated: 2024-05-17

Summary

A vulnerability was found in Ariadne Component Library up to 2.x. It has been classified as critical. Affected is an unknown function of the file src/url/Url.php. The manipulation leads to server-side request forgery. Upgrading to version 3.0 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217140.

Vulnerable Configurations

Part	Description	Count
Application	Ariadne-Cms Ariadne CMS Ariadne Component Library - Ariadne CMS Ariadne Component Library 1.0 Ariadne CMS Ariadne Component Library 1.0.1 Ariadne CMS Ariadne Component Library 1.0.2 Ariadne CMS Ariadne Component Library 1.1 Ariadne CMS Ariadne Component Library 2.0 Ariadne CMS Ariadne Component Library 2.1	7

Common Weakness Enumeration (CWE)

CWE-918 - Server-Side Request Forgery (SSRF)

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References