Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-39954

Summary
Assigner-apache
Assigner Org ID-f0158376-9dc2-43b6-827c-5f631a4d8d09
Published At-20 Aug, 2025 | 08:56
Updated At-20 Aug, 2025 | 13:20
Rejected At-
Credits

Apache EventMesh Runtime: SSRF

CWE-918 Server-Side Request Forgery (SSRF) in eventmesh-runtime module in WebhookUtil.java on windows\linux\mac os e.g. allows the attacker can abuse functionality on the server to read or update internal resources. Users are recommended to upgrade to version 1.12.0 or use the master branch , which fixes this issue.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:apache
Assigner Org ID:f0158376-9dc2-43b6-827c-5f631a4d8d09
Published At:20 Aug, 2025 | 08:56
Updated At:20 Aug, 2025 | 13:20
Rejected At:
â–¼CVE Numbering Authority (CNA)
Apache EventMesh Runtime: SSRF

CWE-918 Server-Side Request Forgery (SSRF) in eventmesh-runtime module in WebhookUtil.java on windows\linux\mac os e.g. allows the attacker can abuse functionality on the server to read or update internal resources. Users are recommended to upgrade to version 1.12.0 or use the master branch , which fixes this issue.

Affected Products
Vendor
The Apache Software FoundationApache Software Foundation
Product
Apache EventMesh Runtime
Collection URL
https://repo.maven.apache.org/maven2
Package Name
org.apache.eventmesh:eventmesh-runtime
Default Status
unaffected
Versions
Affected
  • From 1.6.0 through 1.11.0 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-918CWE-918 Server-Side Request Forgery (SSRF)
Type: CWE
CWE ID: CWE-918
Description: CWE-918 Server-Side Request Forgery (SSRF)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Textual description of severity
text:
low
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

reporter
Mak1r 808 <808mak1r@gmail.com>
Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://lists.apache.org/thread/v6c96zygqx8xc2k3n2d59mgnm5txhkon
vendor-advisory
Hyperlink: https://lists.apache.org/thread/v6c96zygqx8xc2k3n2d59mgnm5txhkon
Resource:
vendor-advisory
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
3.16.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Version: 3.1
Base score: 6.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@apache.org
Published At:20 Aug, 2025 | 09:15
Updated At:21 Aug, 2025 | 18:25

CWE-918 Server-Side Request Forgery (SSRF) in eventmesh-runtime module in WebhookUtil.java on windows\linux\mac os e.g. allows the attacker can abuse functionality on the server to read or update internal resources. Users are recommended to upgrade to version 1.12.0 or use the master branch , which fixes this issue.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.16.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Type: Secondary
Version: 3.1
Base score: 6.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
CPE Matches

The Apache Software Foundation
apache
>>eventmesh>>Versions before 1.12.0(exclusive)
cpe:2.3:a:apache:eventmesh:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-918Secondarysecurity@apache.org
CWE ID: CWE-918
Type: Secondary
Source: security@apache.org
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://lists.apache.org/thread/v6c96zygqx8xc2k3n2d59mgnm5txhkonsecurity@apache.org
Mailing List
Hyperlink: https://lists.apache.org/thread/v6c96zygqx8xc2k3n2d59mgnm5txhkon
Source: security@apache.org
Resource:
Mailing List

Change History

0
Information is not available yet

Similar CVEs

77Records found

CVE-2025-54466
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-6.3||MEDIUM
EPSS-14.95% / 96.33%
||
7 Day CHG+0.96%
Published-15 Aug, 2025 | 14:13
Updated-26 Feb, 2026 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache OFBiz: RCE Vulnerability in scrum plugin

Improper Control of Generation of Code ('Code Injection') vulnerability leading to a possible RCE in Apache OFBiz scrum plugin. This issue affects Apache OFBiz: before 24.09.02 only when the scrum plugin is used. Even unauthenticated attackers can exploit this vulnerability. Users are recommended to upgrade to version 24.09.02, which fixes the issue.

Action-Not Available
Vendor-The Apache Software Foundation
Product-ofbizApache OFBiz
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-24795
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-6.3||MEDIUM
EPSS-2.87% / 85.26%
||
7 Day CHG~0.00%
Published-04 Apr, 2024 | 19:20
Updated-30 Jun, 2025 | 12:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache HTTP Server: HTTP Response Splitting in multiple modules

HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack. Users are recommended to upgrade to version 2.4.59, which fixes this issue.

Action-Not Available
Vendor-Broadcom Inc.Debian GNU/LinuxFedora ProjectThe Apache Software FoundationApple Inc.NetApp, Inc.
Product-ontapontap_toolshttp_serverdebian_linuxfabric_operating_systemfedoramacosApache HTTP Server
CWE ID-CWE-113
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')
CWE ID-CWE-444
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CVE-2020-11988
Matching Score-6
Assigner-Apache Software Foundation
ShareView Details
Matching Score-6
Assigner-Apache Software Foundation
CVSS Score-8.2||HIGH
EPSS-6.65% / 93.12%
||
7 Day CHG~0.00%
Published-24 Feb, 2021 | 17:05
Updated-04 Aug, 2024 | 11:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apache XmlGraphics Commons 2.4 and earlier is vulnerable to server-side request forgery, caused by improper input validation by the XMPParser. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests. Users should upgrade to 2.6 or later.

Action-Not Available
Vendor-n/aThe Apache Software FoundationFedora Project
Product-xmlgraphics_commonsfedoraApache XmlGraphics Commons
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CWE ID-CWE-20
Improper Input Validation
CVE-2020-11980
Matching Score-6
Assigner-Apache Software Foundation
ShareView Details
Matching Score-6
Assigner-Apache Software Foundation
CVSS Score-6.3||MEDIUM
EPSS-1.88% / 77.07%
||
7 Day CHG~0.00%
Published-12 Jun, 2020 | 21:55
Updated-04 Aug, 2024 | 11:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Karaf, JMX authentication takes place using JAAS and authorization takes place using ACL files. By default, only an "admin" can actually invoke on an MBean. However there is a vulnerability there for someone who is not an admin, but has a "viewer" role. In the 'etc/jmx.acl.cfg', such as role can call get*. It's possible to authenticate as a viewer role + invokes on the MLet getMBeansFromURL method, which goes off to a remote server to fetch the desired MBean, which is then registered in Karaf. At this point the attack fails as "viewer" doesn't have the permission to invoke on the MBean. Still, it could act as a SSRF style attack and also it essentially allows a "viewer" role to pollute the MBean registry, which is a kind of privilege escalation. The vulnerability is low as it's possible to add a ACL to limit access. Users should update to Apache Karaf 4.2.9 or newer.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-karafApache Karaf
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2023-25195
Matching Score-6
Assigner-Apache Software Foundation
ShareView Details
Matching Score-6
Assigner-Apache Software Foundation
CVSS Score-8.1||HIGH
EPSS-0.98% / 58.34%
||
7 Day CHG~0.00%
Published-28 Mar, 2023 | 11:16
Updated-23 Oct, 2024 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Fineract: SSRF template type vulnerability in certain authenticated users

Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache Fineract. Authorized users with limited permissions can gain access to server and may be able to use server for any outbound traffic.  This issue affects Apache Fineract: from 1.4 through 1.8.3.

Action-Not Available
Vendor-The Apache Software Foundation
Product-fineractApache Fineractfineract
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2023-25753
Matching Score-6
Assigner-Apache Software Foundation
ShareView Details
Matching Score-6
Assigner-Apache Software Foundation
CVSS Score-6.5||MEDIUM
EPSS-0.84% / 53.71%
||
7 Day CHG~0.00%
Published-19 Oct, 2023 | 08:35
Updated-12 Sep, 2024 | 20:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Server-Side Request Forgery in Apache ShenYu

There exists an SSRF (Server-Side Request Forgery) vulnerability located at the /sandbox/proxyGateway endpoint. This vulnerability allows us to manipulate arbitrary requests and retrieve corresponding responses by inputting any URL into the requestUrl parameter. Of particular concern is our ability to exert control over the HTTP method, cookies, IP address, and headers. This effectively grants us the capability to dispatch complete HTTP requests to hosts of our choosing. This issue affects Apache ShenYu: 2.5.1. Upgrade to Apache ShenYu 2.6.0 or apply patch  https://github.com/apache/shenyu/pull/4776  .

Action-Not Available
Vendor-The Apache Software Foundation
Product-shenyuApache ShenYu
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2023-25504
Matching Score-6
Assigner-Apache Software Foundation
ShareView Details
Matching Score-6
Assigner-Apache Software Foundation
CVSS Score-4.9||MEDIUM
EPSS-0.95% / 57.25%
||
7 Day CHG~0.00%
Published-17 Apr, 2023 | 16:29
Updated-13 Feb, 2025 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Superset: Possible SSRF on import datasets

A malicious actor who has been authenticated and granted specific permissions in Apache Superset may use the import dataset feature in order to conduct Server-Side Request Forgery attacks and query internal resources on behalf of the server where Superset is deployed. This vulnerability exists in Apache Superset versions up to and including 2.0.1.

Action-Not Available
Vendor-The Apache Software Foundation
Product-supersetApache Superset
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2019-17566
Matching Score-6
Assigner-Apache Software Foundation
ShareView Details
Matching Score-6
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-10.74% / 95.33%
||
7 Day CHG~0.00%
Published-12 Nov, 2020 | 00:00
Updated-05 Aug, 2024 | 01:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.

Action-Not Available
Vendor-n/aThe Apache Software FoundationOracle Corporation
Product-communications_metasolv_solutioncommunications_offline_mediation_controllerenterprise_repositorybusiness_intelligenceretail_integration_busretail_returns_managementbatikretail_point-of-servicecommunications_application_session_controllerretail_order_brokerfinancial_services_analytical_applications_infrastructurehyperion_financial_reportinginstantis_enterprisetrackfusion_middleware_mapviewerhospitality_opera_5retail_order_management_system_cloud_servicejd_edwards_enterpriseone_toolsapi_gatewayApache Batik
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2025-27817
Matching Score-6
Assigner-Apache Software Foundation
ShareView Details
Matching Score-6
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-63.64% / 99.12%
||
7 Day CHG+1.27%
Published-10 Jun, 2025 | 07:55
Updated-11 Jul, 2025 | 16:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Kafka Client: Arbitrary file read and SSRF vulnerability

A possible arbitrary file read and SSRF vulnerability has been identified in Apache Kafka Client. Apache Kafka Clients accept configuration data for setting the SASL/OAUTHBEARER connection with the brokers, including "sasl.oauthbearer.token.endpoint.url" and "sasl.oauthbearer.jwks.endpoint.url". Apache Kafka allows clients to read an arbitrary file and return the content in the error log, or sending requests to an unintended location. In applications where Apache Kafka Clients configurations can be specified by an untrusted party, attackers may use the "sasl.oauthbearer.token.endpoint.url" and "sasl.oauthbearer.jwks.endpoint.url" configuratin to read arbitrary contents of the disk and environment variables or make requests to an unintended location. In particular, this flaw may be used in Apache Kafka Connect to escalate from REST API access to filesystem/environment/URL access, which may be undesirable in certain environments, including SaaS products. Since Apache Kafka 3.9.1/4.0.0, we have added a system property ("-Dorg.apache.kafka.sasl.oauthbearer.allowed.urls") to set the allowed urls in SASL JAAS configuration. In 3.9.1, it accepts all urls by default for backward compatibility. However in 4.0.0 and newer, the default value is empty list and users have to set the allowed urls explicitly.

Action-Not Available
Vendor-The Apache Software Foundation
Product-kafkaApache Kafka Client
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2022-46364
Matching Score-6
Assigner-Apache Software Foundation
ShareView Details
Matching Score-6
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-1.93% / 77.73%
||
7 Day CHG~0.00%
Published-13 Dec, 2022 | 16:20
Updated-22 Apr, 2025 | 03:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache CXF SSRF Vulnerability

A SSRF vulnerability in parsing the href attribute of XOP:Include in MTOM requests in versions of Apache CXF before 3.5.5 and 3.4.10 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type. 

Action-Not Available
Vendor-The Apache Software Foundation
Product-cxfApache CXF
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2022-44729
Matching Score-6
Assigner-Apache Software Foundation
ShareView Details
Matching Score-6
Assigner-Apache Software Foundation
CVSS Score-7.1||HIGH
EPSS-0.79% / 52.03%
||
7 Day CHG~0.00%
Published-22 Aug, 2023 | 14:12
Updated-13 Feb, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache XML Graphics Batik: Information disclosure vulnerability

Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16. On version 1.16, a malicious SVG could trigger loading external resources by default, causing resource consumption or in some cases even information disclosure. Users are recommended to upgrade to version 1.17 or later.

Action-Not Available
Vendor-Debian GNU/LinuxThe Apache Software Foundation
Product-debian_linuxxml_graphics_batikApache XML Graphics Batik
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2025-27888
Matching Score-6
Assigner-Apache Software Foundation
ShareView Details
Matching Score-6
Assigner-Apache Software Foundation
CVSS Score-5.8||MEDIUM
EPSS-1.66% / 73.98%
||
7 Day CHG~0.00%
Published-20 Mar, 2025 | 11:29
Updated-14 Jul, 2025 | 12:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Druid: Server-Side Request Forgery and Cross-Site Scripting

Severity: medium (5.8) / important Server-Side Request Forgery (SSRF), Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Apache Druid. This issue affects all previous Druid versions. When using the Druid management proxy, a request that has a specially crafted URL could be used to redirect the request to an arbitrary server instead. This has the potential for XSS or XSRF. The user is required to be authenticated for this exploit. The management proxy is enabled in Druid's out-of-box configuration. It may be disabled to mitigate this vulnerability. If the management proxy is disabled, some web console features will not work properly, but core functionality is unaffected. Users are recommended to upgrade to Druid 31.0.2 or Druid 32.0.1, which fixes the issue.

Action-Not Available
Vendor-The Apache Software Foundation
Product-druidApache Druid
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2022-44730
Matching Score-6
Assigner-Apache Software Foundation
ShareView Details
Matching Score-6
Assigner-Apache Software Foundation
CVSS Score-4.4||MEDIUM
EPSS-0.75% / 50.81%
||
7 Day CHG~0.00%
Published-22 Aug, 2023 | 13:57
Updated-13 Feb, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache XML Graphics Batik: Information disclosure vulnerability

Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16. A malicious SVG can probe user profile / data and send it directly as parameter to a URL.

Action-Not Available
Vendor-Debian GNU/LinuxThe Apache Software Foundation
Product-debian_linuxxml_graphics_batikApache XML Graphics Batik
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2021-27905
Matching Score-6
Assigner-Apache Software Foundation
ShareView Details
Matching Score-6
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-93.05% / 99.82%
||
7 Day CHG~0.00%
Published-13 Apr, 2021 | 06:35
Updated-03 Aug, 2024 | 21:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SSRF vulnerability with the Replication handler

The ReplicationHandler (normally registered at "/replication" under a Solr core) in Apache Solr has a "masterUrl" (also "leaderUrl" alias) parameter that is used to designate another ReplicationHandler on another Solr core to replicate index data into the local core. To prevent a SSRF vulnerability, Solr ought to check these parameters against a similar configuration it uses for the "shards" parameter. Prior to this bug getting fixed, it did not. This problem affects essentially all Solr versions prior to it getting fixed in 8.8.2.

Action-Not Available
Vendor-The Apache Software Foundation
Product-solrApache Solr
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2019-0227
Matching Score-6
Assigner-Apache Software Foundation
ShareView Details
Matching Score-6
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-86.50% / 99.72%
||
7 Day CHG~0.00%
Published-01 May, 2019 | 20:03
Updated-08 May, 2025 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits commits continue in the projects Axis 1.x Subversion repository, legacy users are encouraged to build from source. The successor to Axis 1.x is Axis2, the latest version is 1.7.9 and is not vulnerable to this issue.

Action-Not Available
Vendor-The Apache Software FoundationOracle Corporation
Product-communications_session_report_managercommunications_session_route_manageragile_product_lifecycle_managementinstantis_enterprisetrackcommunications_order_and_service_managementfinancial_services_compliance_regulatory_reportingcommunications_design_studiopolicy_automation_connector_for_siebelcommunications_network_integrityhospitality_guest_accesscommunications_asap_cartridgesagile_engineering_data_managementreal-time_decision_serverpeoplesoft_enterprise_human_capital_management_human_resourcesfinancial_services_analytical_applications_infrastructureenterprise_manager_for_fusion_middlewareflexcube_private_bankingknowledgesecure_global_desktopaxissiebel_ui_frameworkretail_xstore_point_of_serviceflexcube_core_bankingretail_order_brokerbig_data_discoveryfinancial_services_funds_transfer_pricingcommunications_element_managerapplication_testing_suitepeoplesoft_enterprise_peopletoolsrapid_planningtuxedoendeca_information_discovery_studiointernet_directoryprimavera_gatewaywebcenter_portalenterprise_manager_base_platformprimavera_unifierApache Axis 1.4
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2022-42890
Matching Score-6
Assigner-Apache Software Foundation
ShareView Details
Matching Score-6
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-2.32% / 81.55%
||
7 Day CHG~0.00%
Published-25 Oct, 2022 | 00:00
Updated-03 Aug, 2024 | 13:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Batik prior to 1.16 allows RCE via scripting

A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version 1.16.

Action-Not Available
Vendor-The Apache Software FoundationDebian GNU/Linux
Product-batikdebian_linuxApache XML Graphics
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-55993
Matching Score-6
Assigner-Apache Software Foundation
ShareView Details
Matching Score-6
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-0.54% / 41.59%
||
7 Day CHG~0.00%
Published-06 Jul, 2026 | 08:13
Updated-09 Jul, 2026 | 03:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Camel Atmosphere Websocket: The inbound consumer maps externally-supplied WebSocket query parameters into the Exchange without a HeaderFilterStrategy, allowing injection of Camel control headers - enabling influencing internal behaviour

Improper Input Validation, Exposure of Sensitive Information to an Unauthorized Actor, Server-Side Request Forgery (SSRF) vulnerability in Apache Camel in Atmosphere Websocket Component. The camel-atmosphere-websocket consumer mapped inbound WebSocket query parameters into the Camel Exchange header map without applying any HeaderFilterStrategy (WebsocketConsumer.sendEventNotification() iterates the query-string map collected in WebsocketConsumer.service() and copies each entry into the Exchange). Because nothing blocked the Camel header namespace, a client connecting to the WebSocket endpoint could set Camel-internal control headers - including CamelHttpUri (Exchange.HTTP_URI) - simply by supplying them as query parameters. In a route where the WebSocket consumer feeds a downstream HTTP producer, the injected CamelHttpUri redirects the server-side HTTP request to an attacker-chosen destination (server-side request forgery - for example to an internal service or a cloud metadata endpoint). In addition, the HTTP producer resolves Camel property placeholders on the resulting (attacker-controlled) URI, so placeholders embedded in the injected value - such as an environment-variable reference, an application property, or a vault reference - are resolved to their real values and sent to the attacker, disclosing environment variables, application properties and vault secrets. When the WebSocket endpoint is exposed without authentication, this is reachable by an unauthenticated remote attacker. This issue affects Apache Camel: from 4.0.0 before 4.14.8, from 4.15.0 before 4.18.3, from 4.19.0 before 4.21.0. Users are recommended to upgrade to version 4.21.0, which fixes the issue. If users are on the 4.14.x LTS releases stream, then they are suggested to upgrade to 4.14.8. If users are on the 4.18.x releases stream, then they are suggested to upgrade to 4.18.3. The fix makes the consumer apply the HeaderFilterStrategy it already inherits from the HTTP/servlet stack, filtering the Camel header namespace case-insensitively on inbound mapping, so externally-supplied Camel* / camel* headers are no longer copied into the Exchange. For deployments that cannot upgrade immediately, strip the Camel control headers from the inbound message before they reach any downstream producer (for example removeHeaders('Camel*') and removeHeaders('camel*') at the start of the route), require authentication on the WebSocket endpoint, and avoid bridging an untrusted consumer directly into an HTTP producer whose target URI can be driven from message headers.

Action-Not Available
Vendor-The Apache Software Foundation
Product-camelApache Camel Atmosphere Websocket
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-55994
Matching Score-6
Assigner-Apache Software Foundation
ShareView Details
Matching Score-6
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-0.40% / 31.90%
||
7 Day CHG~0.00%
Published-06 Jul, 2026 | 08:13
Updated-09 Jul, 2026 | 03:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Camel Iggy: The inbound consumer maps externally-supplied Iggy message user-headers into the Exchange without a HeaderFilterStrategy, allowing injection of Camel control headers - enabling control over internal behaviour

Improper Input Validation, Exposure of Sensitive Information to an Unauthorized Actor, Server-Side Request Forgery (SSRF) vulnerability in Apache Camel in Iggy component. The camel-iggy consumer mapped the user-headers of inbound Iggy messages into the Camel Exchange header map without applying any HeaderFilterStrategy (IggyFetchRecords copied the message user-headers straight into the Exchange). Because nothing blocked the Camel header namespace, an actor able to publish to the consumed Iggy stream/topic could set Camel-internal control headers - including CamelHttpUri (Exchange.HTTP_URI) - simply by supplying them as message user-headers. In a route where the Iggy consumer feeds a downstream HTTP producer, the injected CamelHttpUri redirects the server-side HTTP request to an attacker-chosen destination (server-side request forgery - for example to an internal service or a cloud metadata endpoint). In addition, the HTTP producer resolves Camel property placeholders on the resulting (attacker-controlled) URI, so placeholders embedded in the injected value - such as an environment-variable reference, an application property, or a vault reference - are resolved to their real values and sent to the attacker, disclosing environment variables, application properties and vault secrets. This issue affects Apache Camel: from 4.17.0 before 4.18.3, from 4.19.0 before 4.21.0. Users are recommended to upgrade to version 4.21.0, which fixes the issue. If users are on the 4.18.x releases stream, then they are suggested to upgrade to 4.18.3. The fix adds a dedicated IggyHeaderFilterStrategy (and a headerFilterStrategy endpoint option) that filters the Camel header namespace case-insensitively on inbound mapping, so externally-supplied Camel* / camel* headers are no longer copied into the Exchange. For deployments that cannot upgrade immediately, strip the Camel control headers from the inbound message before they reach any downstream producer (for example removeHeaders('Camel*') and removeHeaders('camel*') at the start of the route), restrict who can publish to the consumed Iggy stream/topic, and avoid bridging an untrusted consumer directly into an HTTP producer whose target URI can be driven from message headers.

Action-Not Available
Vendor-The Apache Software Foundation
Product-camelApache Camel Iggy
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-49328
Matching Score-6
Assigner-Apache Software Foundation
ShareView Details
Matching Score-6
Assigner-Apache Software Foundation
CVSS Score-5.3||MEDIUM
EPSS-0.50% / 39.59%
||
7 Day CHG~0.00%
Published-01 Jun, 2026 | 10:10
Updated-01 Jun, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Fesod (Incubating): Improper validation of user-supplied URLs leading to SSRF

Server-Side Request Forgery (SSRF) in the UrlImageConverter component of Apache Fesod (Incubating) fesod-sheet before 2.0.2-incubating allows attackers to cause outbound network requests to internal or otherwise restricted resources via a user-supplied image URL. Users are recommended to upgrade to version 2.0.2-incubating, which fixes this issue.

Action-Not Available
Vendor-The Apache Software Foundation
Product-fesodApache Fesod (Incubating)
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-49876
Matching Score-6
Assigner-Apache Software Foundation
ShareView Details
Matching Score-6
Assigner-Apache Software Foundation
CVSS Score-6.5||MEDIUM
EPSS-0.50% / 39.60%
||
7 Day CHG~0.00%
Published-13 Jul, 2026 | 08:45
Updated-13 Jul, 2026 | 22:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Gravitino: Authenticated SSRF in Gravitino JobManager allows server-side HTTP requests to internal network and cloud metadata endpoints via unvalidated job template URIs

Authenticated SSRF in Gravitino JobManager allows server-side HTTP requests to internal network and cloud metadata endpoints via unvalidated job template URIs. A vulnerability in Apache Gravitino. This issue affects Apache Gravitino: from 1.0.0 through 1.2.1. Users are recommended to upgrade to version 1.3.0, which fixes the issue.

Action-Not Available
Vendor-The Apache Software Foundation
Product-gravitinoApache Gravitino
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-48205
Matching Score-6
Assigner-Apache Software Foundation
ShareView Details
Matching Score-6
Assigner-Apache Software Foundation
CVSS Score-9.1||CRITICAL
EPSS-0.37% / 29.24%
||
7 Day CHG~0.00%
Published-06 Jul, 2026 | 08:08
Updated-08 Jul, 2026 | 03:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Camel DNS: The dns.* and term Exchange header constants used non-Camel-prefixed names that bypass the HTTP header filter, allowing an HTTP client to influence internal behaviour

Improper Input Validation, Server-Side Request Forgery (SSRF) vulnerability in Apache Camel DNS component. The camel-dns producers read DNS operation parameters - the resolver to query, the name or domain to look up, the record type and class, and the search term - from Exchange message headers whose constant values (DnsConstants.DNS_SERVER, DNS_NAME, DNS_DOMAIN, DNS_TYPE, DNS_CLASS, TERM) were the plain strings dns.server, dns.name, dns.domain, dns.type, dns.class and term. Because these names do not start with the Camel / camel prefix, HttpHeaderFilterStrategy - which blocks only the Camel header namespace on the HTTP boundary - let them pass from an inbound HTTP request straight into the Exchange. In a route that bridges an HTTP consumer (for example platform-http) into a dns: producer, any HTTP client could therefore set the dns.server header to make the dig producer build a SimpleResolver pointing at an attacker-controlled DNS server - a server-side request forgery via DNS, through which the attacker observes the queried name and can return poisoned responses - and set the dns.name / dns.domain headers to resolve arbitrary internal hostnames, disclosing whether they exist (internal network reconnaissance). No credentials are required when the bridging consumer is unauthenticated. This issue affects Apache Camel: from 4.0.0 before 4.14.8, from 4.15.0 before 4.18.3, from 4.19.0 before 4.21.0. Users are recommended to upgrade to version 4.21.0, which fixes the issue. If users are on the 4.14.x LTS releases stream, then they are suggested to upgrade to 4.14.8. If users are on the 4.18.x releases stream, then they are suggested to upgrade to 4.18.3. After upgrading, routes that drive DNS operations via the raw header names must use CamelDnsServer / CamelDnsName / CamelDnsDomain / CamelDnsType / CamelDnsClass / CamelDnsTerm instead of the dns.* / term names. For deployments that cannot upgrade immediately, strip the dns.* and term headers from any untrusted ingress before the dns: producer, and set the DNS server and lookup parameters from a trusted source in the route.

Action-Not Available
Vendor-The Apache Software Foundation
Product-camelApache Camel DNS
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-48203
Matching Score-6
Assigner-Apache Software Foundation
ShareView Details
Matching Score-6
Assigner-Apache Software Foundation
CVSS Score-9.1||CRITICAL
EPSS-0.37% / 29.24%
||
7 Day CHG~0.00%
Published-06 Jul, 2026 | 08:06
Updated-08 Jul, 2026 | 03:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Camel: Camel-Solr: The SolrParam. and SolrField. Exchange header prefixes used non-Camel-prefixed names that bypass the HTTP header filter, allowing an HTTP client to inject Solr query parameters (server-side request forgery) and document fields

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), Improper Input Validation, Server-Side Request Forgery (SSRF) vulnerability in Apache Camel Solr component. The camel-solr producer copies Exchange message headers whose names begin with the SolrParam. prefix into the parameters of the Solr request, and headers whose names begin with the SolrField. prefix into the fields of the indexed Solr document. The prefix constants (SolrConstants.HEADER_PARAM_PREFIX / HEADER_FIELD_PREFIX) were the plain strings SolrParam. / SolrField.. Because these names do not start with the Camel / camel prefix, HttpHeaderFilterStrategy - which blocks only the Camel header namespace on the HTTP boundary - let them pass from an inbound HTTP request straight into the Exchange. In a route that bridges an HTTP consumer (for example platform-http) into a solr: producer, any HTTP client could therefore set SolrParam.* headers to inject arbitrary Solr request parameters - including shards or stream.url, which cause the Solr server to issue server-side requests to an attacker-chosen URL (server-side request forgery, for example to an internal service or a cloud metadata endpoint), or qt to reach administrative request handlers - and set SolrField.* headers to inject arbitrary fields into indexed documents. No credentials are required when the bridging consumer is unauthenticated. This issue affects Apache Camel: from 4.0.0 before 4.14.8, from 4.15.0 before 4.18.3, from 4.19.0 before 4.21.0. Users are recommended to upgrade to version 4.21.0, which fixes the issue. If users are on the 4.14.x LTS releases stream, then they are suggested to upgrade to 4.14.8. If users are on the 4.18.x releases stream, then they are suggested to upgrade to 4.18.3. After upgrading, routes that set Solr parameters or fields via the raw header prefixes must use CamelSolrParam. / CamelSolrField. instead of SolrParam. / SolrField.. For deployments that cannot upgrade immediately, strip the SolrParam.* and SolrField.* headers from any untrusted ingress before the solr: producer, and set the required Solr parameters and fields from a trusted source in the route.

Action-Not Available
Vendor-The Apache Software Foundation
Product-camelApache Camel
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-46726
Matching Score-6
Assigner-Apache Software Foundation
ShareView Details
Matching Score-6
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-0.54% / 41.59%
||
7 Day CHG~0.00%
Published-06 Jul, 2026 | 08:05
Updated-06 Jul, 2026 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Camel Vertx Websocket: The inbound consumer maps externally-supplied WebSocket query and path parameters into the Exchange without a HeaderFilterStrategy, allowing injection of Camel control headers

Improper Input Validation, Exposure of Sensitive Information to an Unauthorized Actor, Server-Side Request Forgery (SSRF) vulnerability in Apache Camel in Vertx Websocket component. The camel-vertx-websocket consumer mapped inbound WebSocket query and path parameters into the Camel Exchange header map without applying any HeaderFilterStrategy (VertxWebsocketConsumer.populateExchangeHeaders()). Because nothing blocked the Camel header namespace, a client connecting to the WebSocket endpoint could set Camel-internal control headers - including CamelHttpUri (Exchange.HTTP_URI) - simply by supplying them as query parameters. In a route where the WebSocket consumer feeds a downstream HTTP producer, the injected CamelHttpUri redirects the server-side HTTP request to an attacker-chosen destination (server-side request forgery - for example to an internal service or a cloud metadata endpoint). In addition, the HTTP producer resolves Camel property placeholders on the resulting (attacker-controlled) URI, so placeholders embedded in the injected value - such as an environment-variable reference, an application property, or a vault reference - are resolved to their real values and sent to the attacker, disclosing environment variables, application properties and vault secrets. When the WebSocket endpoint is exposed without authentication, this is reachable by an unauthenticated remote attacker. This issue affects Apache Camel: from 4.0.0 before 4.14.8, from 4.15.0 before 4.18.3, from 4.19.0 before 4.21.0. Users are recommended to upgrade to version 4.21.0, which fixes the issue. If users are on the 4.14.x LTS releases stream, then they are suggested to upgrade to 4.14.8. If users are on the 4.18.x releases stream, then they are suggested to upgrade to 4.18.3. The fix makes the affected consumers apply a HeaderFilterStrategy that filters the Camel header namespace case-insensitively on inbound mapping, so externally-supplied Camel* / camel* headers are no longer copied into the Exchange. For deployments that cannot upgrade immediately, strip the Camel control headers from the inbound message before they reach any downstream producer (for example removeHeaders('Camel*') and removeHeaders('camel*') at the start of the route), require authentication on the WebSocket endpoint, and avoid bridging an untrusted consumer directly into an HTTP producer whose target URI can be driven from message headers.

Action-Not Available
Vendor-The Apache Software Foundation
Product-Apache Camel Vertx Websocket
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-44598
Matching Score-6
Assigner-Apache Software Foundation
ShareView Details
Matching Score-6
Assigner-Apache Software Foundation
CVSS Score-5.1||MEDIUM
EPSS-0.38% / 30.60%
||
7 Day CHG~0.00%
Published-25 May, 2026 | 20:19
Updated-28 May, 2026 | 13:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Shiro Jakarta EE module: Open redirect and SSRF (requires valid credentials)

With valid login credentials, URL Redirection to Untrusted Site ('Open Redirect'), Server-Side Request Forgery (SSRF) vulnerability in Apache Shiro. This issue affects Apache Shiro from 2.0-alpha to 2.1.0, and 3.0.0-alpha-1, only when using shiro-jakarta-ee integration module. Users are recommended to upgrade to version 2.1.1, or 3.0.0-alpha-2 or later, which fixes the issue by encrypting the cookie. After successful login, Jakarta EE integration module uses shiroSavedRequest cookie to redirect to a particular web page after login. This cookie was not validated, and can be forged to send a HTTP GET request from the server itself to an arbitrary URL from the cookie.

Action-Not Available
Vendor-The Apache Software Foundation
Product-shiroApache Shiro Jakarta EE module
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2022-41704
Matching Score-6
Assigner-Apache Software Foundation
ShareView Details
Matching Score-6
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-2.14% / 80.02%
||
7 Day CHG~0.00%
Published-25 Oct, 2022 | 00:00
Updated-25 Feb, 2026 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Batik prior to 1.16 allows RCE when loading untrusted SVG input

A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG. This issue affects Apache XML Graphics prior to 1.16. It is recommended to update to version 1.16.

Action-Not Available
Vendor-The Apache Software FoundationDebian GNU/Linux
Product-batikdebian_linuxApache XML Graphics
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2018-17198
Matching Score-6
Assigner-Apache Software Foundation
ShareView Details
Matching Score-6
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-4.12% / 89.67%
||
7 Day CHG~0.00%
Published-28 May, 2019 | 17:08
Updated-05 Aug, 2024 | 10:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Server-side Request Forgery (SSRF) and File Enumeration vulnerability in Apache Roller 5.2.1, 5.2.0 and earlier unsupported versions relies on Java SAX Parser to implement its XML-RPC interface and by default that parser supports external entities in XML DOCTYPE, which opens Roller up to SSRF / File Enumeration vulnerability. Note that this vulnerability exists even if Roller XML-RPC interface is disable via the Roller web admin UI. Mitigation: There are a couple of ways you can fix this vulnerability: 1) Upgrade to the latest version of Roller, which is now 5.2.2 2) Or, edit the Roller web.xml file and comment out the XML-RPC Servlet mapping as shown below: <!-- <servlet-mapping> <servlet-name>XmlRpcServlet</servlet-name> <url-pattern>/roller-services/xmlrpc</url-pattern> </servlet-mapping> -->

Action-Not Available
Vendor-The Apache Software Foundation
Product-rollerApache Roller
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-42404
Matching Score-6
Assigner-Apache Software Foundation
ShareView Details
Matching Score-6
Assigner-Apache Software Foundation
CVSS Score-6.5||MEDIUM
EPSS-0.50% / 39.34%
||
7 Day CHG~0.00%
Published-01 May, 2026 | 09:46
Updated-01 May, 2026 | 18:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Neethi: Unrestricted HTTP Redirect Following in Policy References

Apache Neethi does not impose any restrictions on URIs when manually fetching remote policy references through the PolicyReference API. When an application explicitly calls the API to retrieve a policy from a remote URI, an outbound request is made for arbitrary protocols and internal IP adddresses. From 3.2.2, only http or https URIs are allowed, and link-local/multicast/any-local addresses are forbidden. Users are recommended to upgrade to version 3.2.2, which fixes this issue.

Action-Not Available
Vendor-The Apache Software Foundation
Product-neethiApache Neethi
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2018-1000421
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.29% / 67.08%
||
7 Day CHG~0.00%
Published-09 Jan, 2019 | 23:00
Updated-05 Aug, 2024 | 12:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper authorization vulnerability exists in Jenkins Mesos Plugin 0.17.1 and earlier in MesosCloud.java that allows attackers with Overall/Read access to initiate a test connection to an attacker-specified Mesos server with attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-mesosn/a
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2022-40146
Matching Score-6
Assigner-Apache Software Foundation
ShareView Details
Matching Score-6
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-5.79% / 92.27%
||
7 Day CHG~0.00%
Published-22 Sep, 2022 | 00:00
Updated-03 Nov, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Jar url should be blocked by DefaultScriptSecurity

Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14.

Action-Not Available
Vendor-Debian GNU/LinuxThe Apache Software Foundation
Product-debian_linuxbatikApache XML Graphics
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2022-38398
Matching Score-6
Assigner-Apache Software Foundation
ShareView Details
Matching Score-6
Assigner-Apache Software Foundation
CVSS Score-5.3||MEDIUM
EPSS-2.02% / 78.74%
||
7 Day CHG~0.00%
Published-22 Sep, 2022 | 00:00
Updated-03 Nov, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Server-Side Request Forgery Information Disclosure Vulnerability

Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol. This issue affects Apache XML Graphics Batik 1.14.

Action-Not Available
Vendor-Debian GNU/LinuxThe Apache Software Foundation
Product-debian_linuxbatikApache XML Graphics
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2022-38648
Matching Score-6
Assigner-Apache Software Foundation
ShareView Details
Matching Score-6
Assigner-Apache Software Foundation
CVSS Score-5.3||MEDIUM
EPSS-1.95% / 78.03%
||
7 Day CHG~0.00%
Published-22 Sep, 2022 | 00:00
Updated-03 Nov, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PDFTranscoder does not block external resources

Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources. This issue affects Apache XML Graphics Batik 1.14.

Action-Not Available
Vendor-Debian GNU/LinuxThe Apache Software Foundation
Product-debian_linuxbatikApache XML Graphics
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-40564
Matching Score-6
Assigner-Apache Software Foundation
ShareView Details
Matching Score-6
Assigner-Apache Software Foundation
CVSS Score-6.5||MEDIUM
EPSS-0.49% / 38.93%
||
7 Day CHG~0.00%
Published-26 May, 2026 | 14:38
Updated-02 Jun, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Flink Kubernetes Operator: Server-Side Request Forgery and local file access in Kubernetes Operator

Files or Directories Accessible to External Parties, Server-Side Request Forgery (SSRF) vulnerability in Apache Flink Kubernetes Operator. The FlinkSessionJob jarURI is currently not validated so that it points to user-owned files or addresses.  This lets a user with CR create permissions read files from the operator pod's filesystem and pull content from any backing store reachable through Flink's pluggable filesystem layer and access them through the submitted Flink job. Furthermore for fetching from http/https addresses there is currently no allowlist on the URI scheme, no host check, no IP-range restriction, and no protection against pointing the URI at internal or link-local addresses.This issue affects Apache Flink Kubernetes Operator: from 1.3.0 before 1.15.0. Users are recommended to upgrade to version 1.15.0, which fixes the issue.

Action-Not Available
Vendor-The Apache Software Foundation
Product-flink_kubernetes_operatorApache Flink Kubernetes Operator
CWE ID-CWE-552
Files or Directories Accessible to External Parties
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-56736
Matching Score-6
Assigner-Apache Software Foundation
ShareView Details
Matching Score-6
Assigner-Apache Software Foundation
CVSS Score-6.5||MEDIUM
EPSS-0.61% / 45.07%
||
7 Day CHG+0.04%
Published-16 Apr, 2025 | 15:38
Updated-17 Apr, 2025 | 20:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache HertzBeat: Server-Side Request Forgery (SSRF) in Api Config Oss

Server-Side Request Forgery (SSRF) vulnerability in Apache HertzBeat. This issue affects Apache HertzBeat (incubating): before 1.7.0. Users are recommended to upgrade to version 1.7.0, which fixes the issue.

Action-Not Available
Vendor-The Apache Software Foundation
Product-Apache HertzBeat
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2022-24969
Matching Score-6
Assigner-Apache Software Foundation
ShareView Details
Matching Score-6
Assigner-Apache Software Foundation
CVSS Score-6.1||MEDIUM
EPSS-1.70% / 74.70%
||
7 Day CHG~0.00%
Published-06 Jun, 2022 | 22:00
Updated-03 Aug, 2024 | 04:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
bypass of CVE-2021-25640

bypass CVE-2021-25640 > In Apache Dubbo prior to 2.6.12 and 2.7.15, the usage of parseURL method will lead to the bypass of the white host check which can cause open redirect or SSRF vulnerability.

Action-Not Available
Vendor-The Apache Software Foundation
Product-dubboApache Dubbo
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-48944
Matching Score-6
Assigner-Apache Software Foundation
ShareView Details
Matching Score-6
Assigner-Apache Software Foundation
CVSS Score-6.5||MEDIUM
EPSS-0.58% / 43.69%
||
7 Day CHG~0.00%
Published-27 Mar, 2025 | 15:05
Updated-08 May, 2025 | 10:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Kylin: SSRF vulnerability in the diagnosis api

Server-Side Request Forgery (SSRF) vulnerability in Apache Kylin. Through a kylin server, an attacker may forge a request to invoke "/kylin/api/xxx/diag" api on another internal host and possibly get leaked information. There are two preconditions: 1) The attacker has got admin access to a kylin server; 2) Another internal host has the "/kylin/api/xxx/diag" api endpoint open for service. This issue affects Apache Kylin: from 5.0.0 through 5.0.1. Users are recommended to upgrade to version 5.0.2, which fixes the issue.

Action-Not Available
Vendor-The Apache Software Foundation
Product-kylinApache Kylin
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-47208
Matching Score-6
Assigner-Apache Software Foundation
ShareView Details
Matching Score-6
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-1.61% / 73.22%
||
7 Day CHG~0.00%
Published-18 Nov, 2024 | 08:43
Updated-21 Nov, 2024 | 09:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache OFBiz: URLs allowing remote use of Groovy expressions, leading to RCE

Server-Side Request Forgery (SSRF), Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.17. Users are recommended to upgrade to version 18.12.17, which fixes the issue.

Action-Not Available
Vendor-The Apache Software Foundation
Product-Apache OFBiz
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2017-5643
Matching Score-6
Assigner-Apache Software Foundation
ShareView Details
Matching Score-6
Assigner-Apache Software Foundation
CVSS Score-7.4||HIGH
EPSS-4.89% / 91.10%
||
7 Day CHG~0.00%
Published-16 Mar, 2017 | 15:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apache Camel's Validation Component is vulnerable against SSRF via remote DTDs and XXE.

Action-Not Available
Vendor-The Apache Software Foundation
Product-camelApache Camel
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-43394
Matching Score-6
Assigner-Apache Software Foundation
ShareView Details
Matching Score-6
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-1.09% / 61.81%
||
7 Day CHG~0.00%
Published-10 Jul, 2025 | 16:56
Updated-04 Nov, 2025 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache HTTP Server: SSRF on Windows due to UNC paths

Server-Side Request Forgery (SSRF) in Apache HTTP Server on Windows allows to potentially leak NTLM hashes to a malicious server via  mod_rewrite or apache expressions that pass unvalidated request input. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.63. Note:  The Apache HTTP Server Project will be setting a higher bar for accepting vulnerability reports regarding SSRF via UNC paths. The server offers limited protection against administrators directing the server to open UNC paths. Windows servers should limit the hosts they will connect over via SMB based on the nature of NTLM authentication.

Action-Not Available
Vendor-The Apache Software FoundationMicrosoft Corporation
Product-http_serverwindowsApache HTTP Server
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-45507
Matching Score-6
Assigner-Apache Software Foundation
ShareView Details
Matching Score-6
Assigner-Apache Software Foundation
CVSS Score-8.8||HIGH
EPSS-93.38% / 99.83%
||
7 Day CHG+0.14%
Published-04 Sep, 2024 | 08:08
Updated-13 Sep, 2024 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache OFBiz: Prevent use of URLs in files when loading them from Java or Groovy, leading to a RCE

Server-Side Request Forgery (SSRF), Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.16. Users are recommended to upgrade to version 18.12.16, which fixes the issue.

Action-Not Available
Vendor-apache_software_foundationThe Apache Software Foundation
Product-ofbizApache OFBizapache_ofbiz
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2017-3164
Matching Score-6
Assigner-Apache Software Foundation
ShareView Details
Matching Score-6
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-19.44% / 97.06%
||
7 Day CHG~0.00%
Published-08 Mar, 2019 | 21:00
Updated-16 Sep, 2024 | 19:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 (inclusive). Since the "shards" parameter does not have a corresponding whitelist mechanism, a remote attacker with access to the server could make Solr perform an HTTP GET request to any reachable URL.

Action-Not Available
Vendor-The Apache Software Foundation
Product-solrApache Solr
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-43204
Matching Score-6
Assigner-Apache Software Foundation
ShareView Details
Matching Score-6
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-0.77% / 51.56%
||
7 Day CHG~0.00%
Published-10 Jul, 2025 | 16:54
Updated-04 Nov, 2025 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache HTTP Server: SSRF with mod_headers setting Content-Type header

SSRF in Apache HTTP Server with mod_proxy loaded allows an attacker to send outbound proxy requests to a URL controlled by the attacker.  Requires an unlikely configuration where mod_headers is configured to modify the Content-Type request or response header with a value provided in the HTTP request. Users are recommended to upgrade to version 2.4.64 which fixes this issue.

Action-Not Available
Vendor-The Apache Software Foundation
Product-http_serverApache HTTP Server
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-40898
Matching Score-6
Assigner-Apache Software Foundation
ShareView Details
Matching Score-6
Assigner-Apache Software Foundation
CVSS Score-9.1||CRITICAL
EPSS-1.54% / 72.06%
||
7 Day CHG~0.00%
Published-18 Jul, 2024 | 09:32
Updated-13 Sep, 2024 | 17:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache HTTP Server: SSRF with mod_rewrite in server/vhost context on Windows

SSRF in Apache HTTP Server on Windows with mod_rewrite in server/vhost context, allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests. Users are recommended to upgrade to version 2.4.62 which fixes this issue. 

Action-Not Available
Vendor-The Apache Software FoundationMicrosoft Corporation
Product-http_serverwindowsApache HTTP Serverapache_http_server
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-38472
Matching Score-6
Assigner-Apache Software Foundation
ShareView Details
Matching Score-6
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-67.95% / 99.25%
||
7 Day CHG~0.00%
Published-01 Jul, 2024 | 18:12
Updated-01 Jul, 2025 | 20:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache HTTP Server on WIndows UNC SSRF

SSRF in Apache HTTP Server on Windows allows to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests or content Users are recommended to upgrade to version 2.4.60 which fixes this issue.  Note: Existing configurations that access UNC paths will have to configure new directive "UNCList" to allow access during request processing.

Action-Not Available
Vendor-apache_software_foundationThe Apache Software FoundationNetApp, Inc.
Product-ontaphttp_serverApache HTTP Serverapache_http_server
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-36471
Matching Score-6
Assigner-Apache Software Foundation
ShareView Details
Matching Score-6
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-0.75% / 50.82%
||
7 Day CHG~0.00%
Published-10 Jun, 2024 | 21:55
Updated-15 Jul, 2025 | 16:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Allura: sensitive information exposure via DNS rebinding

Import functionality is vulnerable to DNS rebinding attacks between verification and processing of the URL.  Project administrators can run these imports, which could cause Allura to read from internal services and expose them. This issue affects Apache Allura from 1.0.1 through 1.16.0. Users are recommended to upgrade to version 1.17.0, which fixes the issue. If you are unable to upgrade, set "disable_entry_points.allura.importers = forge-tracker, forge-discussion" in your .ini config file.

Action-Not Available
Vendor-The Apache Software Foundation
Product-alluraApache Alluraallura
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-36448
Matching Score-6
Assigner-Apache Software Foundation
ShareView Details
Matching Score-6
Assigner-Apache Software Foundation
CVSS Score-7.3||HIGH
EPSS-0.70% / 49.02%
||
7 Day CHG~0.00%
Published-05 Aug, 2024 | 09:53
Updated-13 Mar, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache IoTDB Workbench: SSRF Vulnerability (EOL)

** UNSUPPORTED WHEN ASSIGNED ** Server-Side Request Forgery (SSRF) vulnerability in Apache IoTDB Workbench. This issue affects Apache IoTDB Workbench: from 0.13.0. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Action-Not Available
Vendor-The Apache Software Foundation
Product-iotdb_workbenchApache IoTDB Workbench
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-45479
Matching Score-6
Assigner-Apache Software Foundation
ShareView Details
Matching Score-6
Assigner-Apache Software Foundation
CVSS Score-9.1||CRITICAL
EPSS-0.62% / 45.58%
||
7 Day CHG~0.00%
Published-21 Jan, 2025 | 21:26
Updated-10 Jun, 2025 | 09:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Ranger: SSRF in Edit Service page - Add logic to filter requests to localhost

SSRF vulnerability in Edit Service Page of Apache Ranger UI in Apache Ranger Version 2.4.0. Users are recommended to upgrade to version Apache Ranger 2.5.0, which fixes this issue.

Action-Not Available
Vendor-The Apache Software Foundation
Product-rangerApache Ranger
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-34476
Matching Score-6
Assigner-Apache Software Foundation
ShareView Details
Matching Score-6
Assigner-Apache Software Foundation
CVSS Score-7.1||HIGH
EPSS-0.35% / 26.80%
||
7 Day CHG~0.00%
Published-13 Apr, 2026 | 13:01
Updated-20 Apr, 2026 | 16:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache SkyWalking MCP: Server-Side Request Forgery via SW-URL Header in MCP Server

Server-Side Request Forgery via SW-URL Header vulnerability in Apache SkyWalking MCP. This issue affects Apache SkyWalking MCP: 0.1.0. Users are recommended to upgrade to version 0.2.0, which fixes this issue.

Action-Not Available
Vendor-The Apache Software Foundation
Product-skywalking_mcpApache SkyWalking MCP
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-28752
Matching Score-6
Assigner-Apache Software Foundation
ShareView Details
Matching Score-6
Assigner-Apache Software Foundation
CVSS Score-9.3||CRITICAL
EPSS-5.85% / 92.36%
||
7 Day CHG~0.00%
Published-15 Mar, 2024 | 10:27
Updated-27 Jun, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache CXF SSRF Vulnerability using the Aegis databinding

A SSRF vulnerability using the Aegis DataBinding in versions of Apache CXF before 4.0.4, 3.6.3 and 3.5.8 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type. Users of other data bindings (including the default databinding) are not impacted.

Action-Not Available
Vendor-NetApp, Inc.The Apache Software Foundation
Product-oncommand_workflow_automationontap_toolscxfApache CXFoncommand_workflow_automationcxf
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-29007
Matching Score-6
Assigner-Apache Software Foundation
ShareView Details
Matching Score-6
Assigner-Apache Software Foundation
CVSS Score-7.3||HIGH
EPSS-0.78% / 52.00%
||
7 Day CHG~0.00%
Published-04 Apr, 2024 | 07:49
Updated-02 Sep, 2025 | 21:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache CloudStack: When downloading templates or ISOs, the management server and SSVM follow HTTP redirects with potentially dangerous consequences

The CloudStack management server and secondary storage VM could be tricked into making requests to restricted or random resources by means of following 301 HTTP redirects presented by external servers when downloading templates or ISOs. Users are recommended to upgrade to version 4.18.1.1 or 4.19.0.1, which fixes this issue.

Action-Not Available
Vendor-The Apache Software Foundation
Product-cloudstackApache CloudStackcloudstack
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-29736
Matching Score-6
Assigner-Apache Software Foundation
ShareView Details
Matching Score-6
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-1.03% / 59.83%
||
7 Day CHG~0.00%
Published-19 Jul, 2024 | 08:50
Updated-15 Nov, 2024 | 13:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache CXF: SSRF vulnerability via WADL stylesheet parameter

A SSRF vulnerability in WADL service description in versions of Apache CXF before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform SSRF style attacks on REST webservices. The attack only applies if a custom stylesheet parameter is configured.

Action-Not Available
Vendor-The Apache Software Foundation
Product-cxfApache CXFcxf
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
  • Previous
  • 1
  • 2
  • Next
Details not found