Description
Microcks up to 1.17.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /jobs and /artifact/download. This vulnerability allows attackers to access network resources and sensitive information via a crafted GET request.
Remediation
References
https://gist.github.com/b33t1e/2a2dc17cf36cd741b2c99425c892d826
https://github.com/microcks/microcks
https://github.com/orgs/microcks/discussions/892
Related Vulnerabilities
CVE-2013-7285 Vulnerability in maven package org.jbehave:jbehave-core
CVE-2019-0194 Vulnerability in maven package org.apache.camel:camel-core
CVE-2016-0710 Vulnerability in maven package org.apache.portals.jetspeed-2:jetspeed-security
CVE-2022-31160 Vulnerability in maven package org.webjars.bower:jquery-ui
CVE-2010-2076 Vulnerability in maven package org.apache.cxf:cxf-bundle