CVE-2024-55089

Published: Dec 18, 2024Modified: Feb 20, 2026

9.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Exploitability: 3.9 / Impact: 5.2

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Rhymix before 2.1.24 is vulnerable to Server-Side Request Forgery (SSRF) in the background import data function because XML documents may contain external entities.

Affected (1)

Products: Rhymix: Rhymix

Rhymix

1 product

Rhymix

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Rhymix Rhymix	Version 2.1.19

Related CWEs

CWE-352

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

CWE-918

Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

References (3)

https://github.com/rhymix/rhymix/commit/464985b1ef382cc8cf852e9b028a960aa58b40c3

Source: cve@mitre.org

https://rhymix.org/news/1909005

Source: cve@mitre.org

https://tasteful-stamp-da4.notion.site/CVE-2024-55089-15b1e0f227cb8064a563c697709b7530?pvs=73

Source: cve@mitre.org

Broken Link

Timeline

No history available yet.