CVE-2022-4096
- Source
- https://cve.org/CVERecord?id=CVE-2022-4096
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-4096.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2022-4096
- Aliases
- Published
- 2022-11-21T00:00:00Z
- Modified
- 2026-06-15T19:01:17.014608Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- Server-Side Request Forgery (SSRF) in appsmithorg/appsmith
- Details
-
Server-Side Request Forgery (SSRF) in GitHub repository appsmithorg/appsmith prior to 1.8.2.
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/4xxx/CVE-2022-4096.json", "cna_assigner": "@huntrdev", "cwe_ids": [ "CWE-918" ] }- References
Affected packages
Git / github.com/appsmithorg/appsmith
Affected ranges
- Type
- GIT
- Repo
- https://github.com/appsmithorg/appsmith
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedFixed
- Database specific
{ "extracted_events": [ { "introduced": "0" }, { "fixed": "1.8.2" } ], "cpe": "cpe:2.3:a:appsmith:appsmith:*:*:*:*:*:*:*:*", "source": [ "CPE_RANGE", "REFERENCES" ] }
Affected versions
v.*
v.1.6.23
v.1.6.25
v1.*
v1.0
v1.0-beta.2
v1.0.1
v1.0.2
v1.1
v1.2
v1.2.1
v1.2.16
v1.2.2
v1.2.4
v1.4.3
v1.4.4
v1.5.17
v1.6.10
v1.6.11
v1.6.12
v1.6.13
v1.6.14
v1.6.15
v1.6.16
v1.6.17
v1.6.18
v1.6.19
v1.6.20
v1.6.21
v1.6.22
v1.6.3
v1.6.4
v1.6.5
v1.6.6
v1.6.7
v1.6.8
v1.6.9
v1.7.0
v1.7.1
v1.7.10
v1.7.11
v1.7.12
v1.7.13
v1.7.14
v1.7.2
v1.7.3
v1.7.4
v1.7.5
v1.7.6
v1.7.7
v1.7.8
v1.7.9
v1.8.0
v1.8.1
Database specific
vanir_signatures_modified
"2026-06-15T19:01:17Z"
vanir_signatures
[
{
"digest": {
"function_hash": "145192353046966337268140405587157479158",
"length": 257.0
},
"signature_version": "v1",
"id": "CVE-2022-4096-087a7191",
"signature_type": "Function",
"deprecated": false,
"target": {
"file": "app/server/appsmith-interfaces/src/main/java/com/appsmith/external/helpers/restApiUtils/helpers/URIUtils.java",
"function": "isHostDisallowed"
},
"source": "https://github.com/appsmithorg/appsmith/commit/769719ccfe667f059fe0b107a19ec9feb90f2e40"
},
{
"digest": {
"function_hash": "320125406614367455751840880674335359709",
"length": 1255.0
},
"signature_version": "v1",
"id": "CVE-2022-4096-10a0d677",
"signature_type": "Function",
"deprecated": false,
"target": {
"file": "app/server/appsmith-interfaces/src/main/java/com/appsmith/external/helpers/restApiUtils/helpers/TriggerUtils.java",
"function": "httpCall"
},
"source": "https://github.com/appsmithorg/appsmith/commit/769719ccfe667f059fe0b107a19ec9feb90f2e40"
},
{
"digest": {
"function_hash": "225057294993370712810450889180737739016",
"length": 2586.0
},
"signature_version": "v1",
"id": "CVE-2022-4096-18cb2627",
"signature_type": "Function",
"deprecated": false,
"target": {
"file": "app/server/appsmith-plugins/graphqlPlugin/src/main/java/com/external/plugins/GraphQLPlugin.java",
"function": "executeCommon"
},
"source": "https://github.com/appsmithorg/appsmith/commit/769719ccfe667f059fe0b107a19ec9feb90f2e40"
},
{
"digest": {
"function_hash": "232595062182890884019937015522591473303",
"length": 2028.0
},
"signature_version": "v1",
"id": "CVE-2022-4096-19ccab3d",
"signature_type": "Function",
"deprecated": false,
"target": {
"file": "app/server/appsmith-plugins/restApiPlugin/src/main/java/com/external/plugins/RestApiPlugin.java",
"function": "executeCommon"
},
"source": "https://github.com/appsmithorg/appsmith/commit/769719ccfe667f059fe0b107a19ec9feb90f2e40"
},
{
"digest": {
"line_hashes": [
"1906220893943288162975239611409868616",
"327403330009109782213699735399517140076",
"210534189610095526983392772956703013014",
"173734250369427551105401043272961312990",
"159903214742014915456552627492337824627",
"231166734702854534524628588026470344680",
"178483210615713673001989083233823764328",
"41081640110009591233711851980940062525",
"318495023744784146031956633635185535358",
"217539437609383015220294261587638939393",
"115879790528042589862242109992304832253",
"334272372327746116856876404465892003247",
"163383551272440098956563036298976909220",
"220813482680929491638127749487653109939",
"301993365345742324245151268770420637003",
"253511673818984759217450905539996281195",
"192020996282278339137335534909040627463",
"327335332208978346880570469130367814693",
"267650468687137936297592929726358760361",
"58405673752907439458785901755753401717",
"75542745313134479502714619823445448125",
"83404781443020683183694574996814071850",
"307186311240352573381431014358941886291",
"332267304259521991188232640159465582059",
"31201756065821084274289988206622829036",
"196209619457724590981813577280017204148",
"338772347849475182106093147658585872246",
"77829242734829849290582673389632582552",
"326496954402190001074806667230075896258",
"207397333776816430915448239299190643812",
"118412004251265702118259826822940251952",
"334134501083073071026981063788217244698",
"329098663154413081880838519035595944492",
"190549833761771755456069371611068519924",
"65383955711124502965912776193522887633",
"119258643187066581918636638689377121213",
"217612922888326080339377603902683798987"
],
"threshold": 0.9
},
"signature_version": "v1",
"id": "CVE-2022-4096-34789603",
"signature_type": "Line",
"deprecated": false,
"target": {
"file": "app/server/appsmith-plugins/restApiPlugin/src/main/java/com/external/plugins/RestApiPlugin.java"
},
"source": "https://github.com/appsmithorg/appsmith/commit/769719ccfe667f059fe0b107a19ec9feb90f2e40"
},
{
"digest": {
"line_hashes": [
"9432807538767962584797898349220320343",
"52551641944866154371062618517949017704",
"186067944762004003040038228366692296396",
"125421055054178106608631466262724517656",
"206603820124025874868527552986765365780",
"23296424897504233498418632905693977757",
"250044257116057661112853595149949373131",
"198015489322318751229901727108827565502",
"323058948095689910138317083533736013844",
"44016896568965995257143730853379607488",
"94423622687769574475632935447820786640",
"221611715936225490432828313645697653278",
"330368287441661979309345246694304253347",
"333421210382167043585675976987801187413",
"71211260255431211347363682855661584562",
"248060465884554720023021684783136434803",
"296397270775122601438852585218784189499",
"158194635007527626288897730995241102856",
"241619175683777770207076300055573966475",
"39277198374113349581233151752275253321",
"294630623907768869588077670155020561564",
"196485098516979948758681860856940872806",
"176408812080947312704823639519104554444",
"166879455028029835718121745409258157965",
"15304750005334614994272616857774482818",
"198829199188401441490958277895465272529",
"171691032300907601164736347487597528933",
"65569457389471712760959422064346638933",
"102130471066200392478778849541708735566",
"319916296588898627676566072646922602523",
"235036516467583697181719156527240141145",
"312304696117047751048503408896516349463",
"148532068848401723459686977282131815331",
"241980686970398920992044525753120686594"
],
"threshold": 0.9
},
"signature_version": "v1",
"id": "CVE-2022-4096-46bd4eef",
"signature_type": "Line",
"deprecated": false,
"target": {
"file": "app/server/appsmith-interfaces/src/main/java/com/appsmith/external/helpers/restApiUtils/helpers/URIUtils.java"
},
"source": "https://github.com/appsmithorg/appsmith/commit/769719ccfe667f059fe0b107a19ec9feb90f2e40"
},
{
"digest": {
"function_hash": "267492141035305050599787153187617396633",
"length": 104.0
},
"signature_version": "v1",
"id": "CVE-2022-4096-5a538166",
"signature_type": "Function",
"deprecated": false,
"target": {
"file": "app/server/appsmith-interfaces/src/main/java/com/appsmith/util/WebClientUtils.java",
"function": "applyProxyIfConfigured"
},
"source": "https://github.com/appsmithorg/appsmith/commit/769719ccfe667f059fe0b107a19ec9feb90f2e40"
},
{
"digest": {
"line_hashes": [
"231483649200881672082014547658348531063",
"86961080019782418952535482205134517757",
"200648727588846091343621663116642474186",
"305995746986382932104750229307389258993",
"161190483828085352843835890732144052736",
"5862196658595711611917824259678668309",
"293787578447207019131154865525080545355",
"74014854090953883254002554201905282774",
"270725679880291375545038202830537095454",
"254928441929797434896139706168201728871",
"64043790967528099477973069407333935220",
"103085229028138648742053220945896495945",
"39840017659799108034710533403200095403",
"332267304259521991188232640159465582059",
"31201756065821084274289988206622829036",
"196209619457724590981813577280017204148",
"338772347849475182106093147658585872246",
"77829242734829849290582673389632582552",
"326496954402190001074806667230075896258",
"207397333776816430915448239299190643812",
"118412004251265702118259826822940251952",
"334134501083073071026981063788217244698",
"329098663154413081880838519035595944492",
"190549833761771755456069371611068519924",
"65383955711124502965912776193522887633",
"119258643187066581918636638689377121213",
"217612922888326080339377603902683798987",
"75749394366896405202597042412917237027",
"331050432484328793477704557754027243284",
"110226518681904854083907055664664912754",
"145145025078464045340602369133673487268"
],
"threshold": 0.9
},
"signature_version": "v1",
"id": "CVE-2022-4096-6944a682",
"signature_type": "Line",
"deprecated": false,
"target": {
"file": "app/server/appsmith-plugins/graphqlPlugin/src/main/java/com/external/plugins/GraphQLPlugin.java"
},
"source": "https://github.com/appsmithorg/appsmith/commit/769719ccfe667f059fe0b107a19ec9feb90f2e40"
},
{
"digest": {
"line_hashes": [
"240958382942554352802090193593784956309",
"55704793273543278149867192313565721517",
"194122578210547262657160601661619049734",
"150140589688475733853243262144199509912",
"119196896495049716637779105134024242937",
"187166151209392289558680599359284054336",
"158781597371433977778143084359189863988",
"198677741434331334413937711261451883077",
"90103784137279341676681812673654721903",
"225816719063546806193867385609177043022",
"106539172807504149582797617433701360112",
"50941609230112282674902019359575150310",
"333753869095742125951325089539944181690",
"189342261600526618766925393221605963427",
"173955012246342190496818385764573837663",
"61144392077508017409544447700515355896",
"195007045390438894953353282844120737507",
"77435531346964978503749928005471779747",
"191502762138506629961452780128196125187",
"298840346835004233814700068443424973872",
"36781568397455925042754208722177390441",
"29177008767409714595104849141979534437"
],
"threshold": 0.9
},
"signature_version": "v1",
"id": "CVE-2022-4096-7f4713f9",
"signature_type": "Line",
"deprecated": false,
"target": {
"file": "app/server/appsmith-interfaces/src/main/java/com/appsmith/external/helpers/restApiUtils/helpers/TriggerUtils.java"
},
"source": "https://github.com/appsmithorg/appsmith/commit/769719ccfe667f059fe0b107a19ec9feb90f2e40"
},
{
"digest": {
"line_hashes": [
"152080683263539389310825549221773902643",
"81238634984805231071149285195258320729",
"268046508700574288624370261150199261478",
"59492654715229827296589583969034419835",
"212294121939776760438620164986502201522",
"162626788513041985441781706830507616319",
"12600041097976052340374565469927415204",
"204960003617103543509999299812168985478",
"129448274625508867638131384252943189712",
"118130825794073133000084654204937120307",
"284697442329839013251825626330659977224",
"71119792600175972427052685533574434649",
"303859067245223287758665289427627995770",
"269894264416325655323774178277371410537"
],
"threshold": 0.9
},
"signature_version": "v1",
"id": "CVE-2022-4096-82ed1321",
"signature_type": "Line",
"deprecated": false,
"target": {
"file": "app/server/appsmith-interfaces/src/main/java/com/appsmith/util/WebClientUtils.java"
},
"source": "https://github.com/appsmithorg/appsmith/commit/769719ccfe667f059fe0b107a19ec9feb90f2e40"
},
{
"digest": {
"function_hash": "51271055448745066480315227247537221847",
"length": 556.0
},
"signature_version": "v1",
"id": "CVE-2022-4096-e885fcc6",
"signature_type": "Function",
"deprecated": false,
"target": {
"file": "app/server/appsmith-interfaces/src/main/java/com/appsmith/external/helpers/restApiUtils/helpers/URIUtils.java",
"function": "addQueryParamsToURI"
},
"source": "https://github.com/appsmithorg/appsmith/commit/769719ccfe667f059fe0b107a19ec9feb90f2e40"
}
]
source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-4096.json"