stangirard/quivr version 0.0.236 contains a Server-Side Request Forgery (SSRF) vulnerability. The application does not provide sufficient controls when crawling a website, allowing an attacker to access applications on the local network. This vulnerability could allow a malicious user to gain access to internal servers, the AWS metadata endpoint, and capture Supabase data.
Metrics
Affected Vendors & Products
References
History
Tue, 20 Aug 2024 21:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Quivr
Quivr quivr |
|
CPEs | cpe:2.3:a:quivr:quivr:0.0.236:*:*:*:*:*:*:* | |
Vendors & Products |
Quivr
Quivr quivr |
|
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: @huntr_ai
Published: 2024-06-27T18:45:19.519Z
Updated: 2024-08-01T21:25:03.160Z
Reserved: 2024-06-11T21:40:44.149Z
Link: CVE-2024-5885
Vulnrichment
Updated: 2024-08-01T21:25:03.160Z
NVD
Status : Modified
Published: 2024-06-27T19:15:17.590
Modified: 2024-11-21T09:48:31.420
Link: CVE-2024-5885
Redhat
No data.