Vulnerabilities > Server-Side Request Forgery (SSRF)
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-12-30 | CVE-2018-20497 | Server-Side Request Forgery (SSRF) vulnerability in Gitlab An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. | 4.0 |
2019-12-29 | CVE-2019-20055 | Server-Side Request Forgery (SSRF) vulnerability in Liquidpixels Liquifire OS 4.8.0 LuquidPixels LiquiFire OS 4.8.0 allows SSRF via the call%3Durl substring followed by a URL in square brackets. | 6.4 |
2019-12-26 | CVE-2019-19999 | Server-Side Request Forgery (SSRF) vulnerability in Halo Halo before 1.2.0-beta.1 allows Server Side Template Injection (SSTI) because TemplateClassResolver.SAFER_RESOLVER is not used in the FreeMarker configuration. | 6.5 |
2019-12-11 | CVE-2019-18379 | Server-Side Request Forgery (SSRF) vulnerability in Symantec Messaging Gateway Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a server-side request forgery (SSRF) exploit, which is a type of issue that can let an attacker send crafted requests from the backend server of a vulnerable web application or access services available through the loopback interface. | 7.5 |
2019-11-13 | CVE-2019-16948 | Server-Side Request Forgery (SSRF) vulnerability in Enghouse web Chat 6.1.300.31 An SSRF issue was discovered in Enghouse Web Chat 6.1.300.31. | 7.5 |
2019-11-06 | CVE-2019-8156 | Server-Side Request Forgery (SSRF) vulnerability in Magento A server-side request forgery (SSRF) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. | 6.5 |
2019-11-06 | CVE-2019-8151 | Server-Side Request Forgery (SSRF) vulnerability in Magento A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. | 6.5 |
2019-10-24 | CVE-2019-18394 | Server-Side Request Forgery (SSRF) vulnerability in Igniterealtime Openfire A Server Side Request Forgery (SSRF) vulnerability in FaviconServlet.java in Ignite Realtime Openfire through 4.4.2 allows attackers to send arbitrary HTTP GET requests. | 7.5 |
2019-10-23 | CVE-2019-18355 | Server-Side Request Forgery (SSRF) vulnerability in Thycotic Secret Server An SSRF issue was discovered in the legacy Web launcher in Thycotic Secret Server before 10.7. | 7.5 |
2019-10-21 | CVE-2019-17400 | Server-Side Request Forgery (SSRF) vulnerability in Universal Office Converter Project Universal Office Converter The unoconv package before 0.9 mishandles untrusted pathnames, leading to SSRF and local file inclusion. | 5.0 |