CVE-2017-20157

Published: Dec 31, 2022Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A vulnerability was found in Ariadne Component Library up to 2.x. It has been classified as critical. Affected is an unknown function of the file src/url/Url.php. The manipulation leads to server-side request forgery. Upgrading to version 3.0 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217140.

Affected (1)

Products: Ariadne Cms: Ariadne Component Library

1 product

Ariadne Component Library

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ariadne Cms Ariadne Component Library	Before 3.0

Related CWEs

Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

References (8)

https://github.com/Ariadne-CMS/arc-web/commit/1feb1cc11e6c9f218408f15f53f537ea0d788656

Source: cna@vuldb.com

PatchThird Party Advisory

https://github.com/Ariadne-CMS/arc-web/releases/tag/3.0

Source: cna@vuldb.com

Release NotesThird Party Advisory

https://vuldb.com/?ctiid.217140

Source: cna@vuldb.com

Third Party Advisory

https://vuldb.com/?id.217140

Source: cna@vuldb.com

Third Party Advisory

https://github.com/Ariadne-CMS/arc-web/commit/1feb1cc11e6c9f218408f15f53f537ea0d788656

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://github.com/Ariadne-CMS/arc-web/releases/tag/3.0

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesThird Party Advisory

https://vuldb.com/?ctiid.217140

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://vuldb.com/?id.217140

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.