Description
Microcks up to 1.17.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /jobs and /artifact/download. This vulnerability allows attackers to access network resources and sensitive information via a crafted GET request.
Remediation
References
https://gist.github.com/b33t1e/2a2dc17cf36cd741b2c99425c892d826
https://github.com/microcks/microcks
https://github.com/orgs/microcks/discussions/892
Related Vulnerabilities
CVE-2021-26814 Vulnerability in npm package wazuh
CVE-2022-23708 Vulnerability in maven package org.elasticsearch:elasticsearch
CVE-2021-45459 Vulnerability in npm package node-windows
CVE-2021-23375 Vulnerability in npm package psnode
CVE-2018-11698 Vulnerability in maven package org.webjars.npm:node-sass