Description

A Server-Side Request Forgery (SSRF) vulnerability exists in the stangirard/quivr application, version 0.0.204, which allows attackers to access internal networks. The vulnerability is present in the crawl endpoint where the 'url' parameter can be manipulated to send HTTP requests to arbitrary URLs, thereby facilitating SSRF attacks. The affected code is located in the backend/routes/crawl_routes.py file, specifically within the crawl_endpoint function. This issue could allow attackers to interact with internal services that are accessible from the server hosting the application.

INFO

Published Date :

2024-06-06T18:39:58.505Z

Last Modified :

2024-08-09T19:48:33.486Z

Source :

@huntr_ai
AFFECTED PRODUCTS

The following products are affected by CVE-2024-4851 vulnerability.

Vendors Products
Quivr
  • Quivr
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-4851.

URL Resource
https://huntr.com/bounties/b6011986-954a-47da-a60c-fc7aebc8005d cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact