Server side request forgery in gibbon
Published: April 26, 2022
SECURITY IDENTIFIERS
- CVE: CVE-2022-27311 (NVD)
- GHSA: GHSA-vx9g-377x-xwxq
- Vendor Advisory: https://github.com/amro/gibbon/pull/321
GEM
SEVERITY
CVSS v3.x: 9.8 (Critical)
PATCHED VERSIONS
>= 3.4.4
DESCRIPTION
Gibbon v3.4.3 and below allow attackers to execute a Server-Side Request Forgery (SSRF) via a crafted URL. This issue has been resolved in version 3.4.4.
