A Server-Side Request Forgery (SSRF) vulnerability exists in the stangirard/quivr application, version 0.0.204, which allows attackers to access internal networks. The vulnerability is present in the crawl endpoint where the 'url' parameter can be manipulated to send HTTP requests to arbitrary URLs, thereby facilitating SSRF attacks. The affected code is located in the backend/routes/crawl_routes.py file, specifically within the crawl_endpoint function. This issue could allow attackers to interact with internal services that are accessible from the server hosting the application.
History

Thu, 17 Oct 2024 19:15:00 +0000

Type Values Removed Values Added
First Time appeared Quivr
Quivr quivr
CPEs cpe:2.3:a:quivr:quivr:0.0.204:*:*:*:*:*:*:*
Vendors & Products Quivr
Quivr quivr
Metrics cvssV3_1

{'score': 7.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: @huntr_ai

Published: 2024-06-06T18:39:58.505Z

Updated: 2024-08-09T19:48:33.486Z

Reserved: 2024-05-13T21:25:46.851Z

Link: CVE-2024-4851

cve-icon Vulnrichment

Updated: 2024-08-01T20:55:10.012Z

cve-icon NVD

Status : Modified

Published: 2024-06-06T19:16:02.800

Modified: 2024-11-21T09:43:43.997

Link: CVE-2024-4851

cve-icon Redhat

No data.