An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS1oeGd4LTU4NHgtdndtOM4AAyfW

High EPSS: 0.80247% (0.99056 Percentile) EPSS:

Appwrite Server-Side Request Forgery vulnerability

Affected Packages Affected Versions Fixed Versions
packagist:appwrite/server-ce <= 1.2.1 No known fixed version
0 Dependent packages
0 Dependent repositories
16,383 Downloads total

Affected Version Ranges

All affected versions

0.1.13, 0.1.15, 0.2.0, 0.3.0, 0.4.0, 0.5.0, 0.5.1, 0.5.2, 0.5.3, 0.6.0, 0.6.1, 0.6.2, 0.7.0, 0.7.1, 0.7.2, 0.8.0, 0.9.1, 0.9.2, 0.9.3, 0.9.4, 0.10.0, 0.10.1, 0.10.2, 0.10.3, 0.10.4, 0.11.0, 0.11.1, 0.11.2, 0.12.0, 0.12.1, 0.12.2, 0.12.3, 0.12.4, 0.13.0, 0.13.1, 0.13.2, 0.13.3, 0.13.4, 0.14.0, 0.14.1, 0.14.2, 0.15.0, 0.15.1, 0.15.2, 0.15.3, 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.1.0, 1.1.1, 1.1.2, 1.2.0, 1.2.1

Appwrite up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /v1/avatars/favicon. This vulnerability allows attackers to access network resources and sensitive information via a crafted GET request.

References: