stangirard/quivr version 0.0.236 contains a Server-Side Request Forgery (SSRF) vulnerability. The application does not provide sufficient controls when crawling a website, allowing an attacker to access applications on the local network. This vulnerability could allow a malicious user to gain access to internal servers, the AWS metadata endpoint, and capture Supabase data.
History

Tue, 20 Aug 2024 21:00:00 +0000

Type Values Removed Values Added
First Time appeared Quivr
Quivr quivr
CPEs cpe:2.3:a:quivr:quivr:0.0.236:*:*:*:*:*:*:*
Vendors & Products Quivr
Quivr quivr
Metrics cvssV3_1

{'score': 8.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: @huntr_ai

Published: 2024-06-27T18:45:19.519Z

Updated: 2024-08-01T21:25:03.160Z

Reserved: 2024-06-11T21:40:44.149Z

Link: CVE-2024-5885

cve-icon Vulnrichment

Updated: 2024-08-01T21:25:03.160Z

cve-icon NVD

Status : Modified

Published: 2024-06-27T19:15:17.590

Modified: 2024-11-21T09:48:31.420

Link: CVE-2024-5885

cve-icon Redhat

No data.