Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2021-45851 Vulnerability in npm package @frangoteam/fuxa

Description

A Server-Side Request Forgery (SSRF) attack in FUXA 1.1.3 can be carried out leading to the obtaining of sensitive information from the server's internal environment and services, often potentially leading to the attacker executing commands on the server.

Remediation

References

https://www.youtube.com/watch?v=JE1Kcq3iJpc

Related Vulnerabilities

CVE-2017-16219 Vulnerability in npm package yttivy

CVE-2023-37462 Vulnerability in maven package org.xwiki.platform:xwiki-platform-skin-ui

CVE-2017-16089 Vulnerability in npm package serverlyr

CVE-2023-29922 Vulnerability in maven package tech.powerjob:powerjob

CVE-2021-31597 Vulnerability in npm package xmlhttprequest-ssl

Severity

High

Classification

CWE-918 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Exploit Third Party Advisory