Server-Side Request Forgery in federated sharing API

link管理

链接快照平台

输入网页链接，自动生成快照
标签化管理网页链接

相关文章推荐

闯红灯的松球 · Freehunter | ...· 3 月前 ·

眉毛粗的回锅肉 · Pack Vertex | Wiki ...· 3 月前 ·

考研的西红柿 · 描写武术的网络小说 - 奇迹小说手机版· 10 月前 ·

成熟的刺猬 · python滑动平均步长-掘金· 10 月前 ·

忐忑的牛排 · verilog - Target ...· 1 年前 ·

Get started

Risk: medium

CVSS v3 Base Score: 5.3

CVSS v3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE ID: 918

CWE Name: Server-Side Request Forgery

CVE: CVE-2024-37012

Description

Server-Side Request Forgery in federated sharing API may allow an unauthenticated attacker to identify internal servers. Furthermore, due to improper timeout handling, the server could be affected by a Denial of Service attack.

Affected

ownCloud (owncloud/core) <10.15.0

Action taken

Upgrade ownCloud 10 Server to version 10.15.0 or above

Credits

The ownCloud Team would like to thank Gilles Petit for discovering these vulnerabilities.

推荐文章

闯红灯的松球 · Freehunter | 香港最大的Freelance平台

3 月前

眉毛粗的回锅肉 · Pack Vertex | Wiki Francophone Fortnite | Fandom

3 月前

考研的西红柿 · 描写武术的网络小说 - 奇迹小说手机版

10 月前

成熟的刺猬 · python滑动平均步长-掘金

10 月前

忐忑的牛排 · verilog - Target <tr26> of concurrent assignment or output port connection should be a net type - Electrical Engineering Stack Exc

1 年前

products

solutions

community

resources

partners

about us

Description

Affected

Action taken

Credits