Vulnerabilities > CVE-2020-25788 - Inclusion of Functionality from Untrusted Control Sphere vulnerability in Tt-Rss Tiny RSS 17.4

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

tt-rss

CWE-829

NVD

Published: 2020-09-19

Updated: 2020-09-29

Summary

An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. imgproxy in plugins/af_proxy_http/init.php mishandles $_REQUEST["url"] in an error message.

Vulnerable Configurations

Part	Description	Count
Application	Tt-Rss TT RSS Tiny Tiny RSS 17.4	1

Common Weakness Enumeration (CWE)

CWE-829 - Inclusion of Functionality from Untrusted Control Sphere

References

https://community.tt-rss.org/t/heads-up-several-vulnerabilities-fixed/3799
https://git.tt-rss.org/fox/tt-rss/commit/c3d14e1fa54c7dade7b1b7955575e2991396d7ef