Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS1oeGd4LTU4NHgtdndtOM4AAyfW

High EPSS: 0.80247% (0.99056 Percentile) EPSS:
Permalink JSON

Appwrite Server-Side Request Forgery vulnerability

Affected Packages Affected Versions Fixed Versions
packagist:appwrite/server-ce <= 1.2.1 No known fixed version
0 Dependent packages
0 Dependent repositories
16,383 Downloads total

Affected Version Ranges

All affected versions

0.1.13, 0.1.15, 0.2.0, 0.3.0, 0.4.0, 0.5.0, 0.5.1, 0.5.2, 0.5.3, 0.6.0, 0.6.1, 0.6.2, 0.7.0, 0.7.1, 0.7.2, 0.8.0, 0.9.1, 0.9.2, 0.9.3, 0.9.4, 0.10.0, 0.10.1, 0.10.2, 0.10.3, 0.10.4, 0.11.0, 0.11.1, 0.11.2, 0.12.0, 0.12.1, 0.12.2, 0.12.3, 0.12.4, 0.13.0, 0.13.1, 0.13.2, 0.13.3, 0.13.4, 0.14.0, 0.14.1, 0.14.2, 0.15.0, 0.15.1, 0.15.2, 0.15.3, 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.1.0, 1.1.1, 1.1.2, 1.2.0, 1.2.1

Appwrite up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /v1/avatars/favicon. This vulnerability allows attackers to access network resources and sensitive information via a crafted GET request.

References:

Identifiers

GHSA-hxgx-584x-vwm8

CVE-2023-27159

Risk

Severity

High

EPSS

EPSS Percentage: 0.80247

EPSS Percentile: 0.99056

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/appwrite/appwrite

Date and time

Published

over 2 years ago

Updated

over 2 years ago

API

JSON