CVE-2019-12161
- Source
- https://cve.org/CVERecord?id=CVE-2019-12161
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-12161.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2019-12161
- Published
- 2019-05-17T19:29:00.790Z
- Modified
- 2025-11-14T09:06:13.253689Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
WPO WebPageTest 19.04 allows SSRF because ValidateURL in www/runtest.php does not consider octal encoding of IP addresses (such as 0300.0250 as a replacement for 192.168).
- References
Affected packages
Git / github.com/wpo-foundation/webpagetest
Affected ranges
- Type
- GIT
- Repo
- https://github.com/wpo-foundation/webpagetest
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
Affected versions
18.*
18.08
18.09
18.09.1
18.10
19.*
19.04
2.*
2.13
WebPageTest-17.*
WebPageTest-17.08
WebPageTest-17.12
WebPageTest-2.*
WebPageTest-2.16
WebPageTest-2.17
WebPageTest-2.18
WebPageTest-2.19
WebPageTest-3.*
WebPageTest-3.0
WebPagetest-2.*
WebPagetest-2.12
WebPagetest-2.14
WebPagetest-2.15
Other
stable