A Server-Side Request Forgery (SSRF) vulnerability exists in the stangirard/quivr application, version 0.0.204, which allows attackers to access internal networks. The vulnerability is present in the crawl endpoint where the 'url' parameter can be manipulated to send HTTP requests to arbitrary URLs, thereby facilitating SSRF attacks. The affected code is located in the backend/routes/crawl_routes.py file, specifically within the crawl_endpoint function. This issue could allow attackers to interact with internal services that are accessible from the server hosting the application.
Metrics
Affected Vendors & Products
References
History
Thu, 17 Oct 2024 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Quivr
Quivr quivr |
|
CPEs | cpe:2.3:a:quivr:quivr:0.0.204:*:*:*:*:*:*:* | |
Vendors & Products |
Quivr
Quivr quivr |
|
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: @huntr_ai
Published: 2024-06-06T18:39:58.505Z
Updated: 2024-08-09T19:48:33.486Z
Reserved: 2024-05-13T21:25:46.851Z
Link: CVE-2024-4851
Vulnrichment
Updated: 2024-08-01T20:55:10.012Z
NVD
Status : Modified
Published: 2024-06-06T19:16:02.800
Modified: 2024-11-21T09:43:43.997
Link: CVE-2024-4851
Redhat
No data.