Vulnerabilities > Appsmith > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-04 | CVE-2024-51408 | Server-Side Request Forgery (SSRF) vulnerability in Appsmith AppSmith Community 1.8.3 before 1.46 allows SSRF via New DataSource for application/json requests to 169.254.169.254 to retrieve AWS metadata credentials. | 6.5 |
| 2022-11-21 | CVE-2022-4096 | Server-Side Request Forgery (SSRF) vulnerability in Appsmith Server-Side Request Forgery (SSRF) in GitHub repository appsmithorg/appsmith prior to 1.8.2. | 6.5 |
| 2022-09-12 | CVE-2022-38299 | Unspecified vulnerability in Appsmith 1.7.11 An issue in the Elasticsearch plugin of Appsmith v1.7.11 allows attackers to connect disallowed hosts to the AWS/GCP internal metadata endpoint. | 4.3 |