CVE-2024-33864

Published: May 14, 2024Modified: Apr 28, 2025

5.9

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Exploitability: 2.5 / Impact: 3.4

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

An issue was discovered in linqi before 1.4.0.1 on Windows. There is SSRF via Document template generation; i.e., via remote images in process creation, file inclusion, and PDF document generation via malicious JavaScript.

Affected (1)

Products: Linqi: Linqi

Linqi

1 product

Linqi

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Linqi Linqi	Before 1.4.0.1

Running on/with	Platform Versions
Microsoft Windows	All versions

Related CWEs

CWE-918

Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

References (4)

https://linqi.help/Updates/en#/SecurityUpdates

Source: cve@mitre.org

Broken Link

https://www.linqi.de/de-DE/blog.html

Source: cve@mitre.org

Product

https://linqi.help/Updates/en#/SecurityUpdates

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

https://www.linqi.de/de-DE/blog.html

Source: af854a3a-2127-422b-91ae-364da2661108

Product

Timeline

No history available yet.