Vulnerabilities > CVE-2021-27329 - Server-Side Request Forgery (SSRF) vulnerability in Frendi Frendica 2021.01

047910
CVSS 10.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
frendi
CWE-918
critical

Summary

Friendica 2021.01 allows SSRF via parse_url?binurl= for DNS lookups or HTTP requests to arbitrary domain names.

Vulnerable Configurations

Part Description Count
Application
Frendi
1

Common Weakness Enumeration (CWE)