Description
A Server Side Request Forgery (SSRF) vulnerability in FaviconServlet.java in Ignite Realtime Openfire through 4.4.2 allows attackers to send arbitrary HTTP GET requests.
Remediation
References
https://github.com/igniterealtime/Openfire/pull/1497
https://swarm.ptsecurity.com/openfire-admin-console/
Related Vulnerabilities
CVE-2020-26272 Vulnerability in maven package org.webjars.npm:electron
CVE-2021-29943 Vulnerability in maven package org.apache.solr:solr-core
CVE-2021-41097 Vulnerability in npm package aurelia-path
CVE-2017-18077 Vulnerability in maven package org.webjars.npm:brace-expansion
CVE-2021-39147 Vulnerability in maven package com.thoughtworks.xstream:xstream