Description
Microcks up to 1.17.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /jobs and /artifact/download. This vulnerability allows attackers to access network resources and sensitive information via a crafted GET request.
Remediation
References
https://gist.github.com/b33t1e/2a2dc17cf36cd741b2c99425c892d826
https://github.com/microcks/microcks
https://github.com/orgs/microcks/discussions/892
Related Vulnerabilities
CVE-2022-41248 Vulnerability in maven package org.jenkins-ci.plugins:bigpanda-jenkins
CVE-2021-22147 Vulnerability in maven package org.elasticsearch:elasticsearch
CVE-2022-31129 Vulnerability in maven package org.webjars.bower:moment
CVE-2017-16018 Vulnerability in npm package restify
CVE-2021-21341 Vulnerability in maven package com.thoughtworks.xstream:xstream