CVE-2024-31979

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-31979
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-31979.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-31979
Aliases
Published
2024-07-17T09:15:02Z
Modified
2024-10-12T11:22:50.580105Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
Summary
[none]
Details

Server-Side Request Forgery (SSRF) vulnerability in Apache StreamPipes during installation process of pipeline elements. Previously, StreamPipes allowed users to configure custom endpoints from which to install additional pipeline elements. These endpoints were not properly validated, allowing an attacker to get StreamPipes to send an HTTP GET request to an arbitrary address. This issue affects Apache StreamPipes: through 0.93.0.

Users are recommended to upgrade to version 0.95.0, which fixes the issue.

References

Affected packages

Git / github.com/apache/streampipes

Affected ranges

Type
GIT
Repo
https://github.com/apache/streampipes
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

0.*

0.60.0
0.60.1
0.61.0
0.62.0
0.63.0
0.64.0
0.65.0

release/0.*

release/0.66.0

version-0.*

version-0.55.1
version-0.55.2