In Gradle Enterprise before 2021.1.3, an attacker with the ability to perform SSRF attacks can potentially reset the system user password.
CWE-918
CVE-2021-41587
In Gradle Enterprise before 2021.1.3, an attacker with the ability to perform SSRF attacks can potentially discover credentials for other resources.
CVE-2021-41385
The third party intelligence connector in Securonix SNYPR 6.3.1 Build 184295_0302 allows an authenticated user to obtain access to server configuration details via SSRF.
CVE-2021-41403
flatCore-CMS version 2.0.8 calls dangerous functions, causing server-side request forgery vulnerabilities.
CVE-2021-41259
Nim is a systems programming language with a focus on efficiency, expressiveness, and elegance. In affected versions, the uri.parseUri function, which may be used to validate URIs, accepts null bytes in the input URI. This behavior could be used to bypass URI validation. For example: parseUri("http://localhost\0hello").hostname is set to "localhost\0hello". Additionally, httpclient.getContent accepts null bytes in the input URL and ignores any data after the first null byte. Example: getContent("http://localhost\0hello") makes a request to localhost:80. An attacker can use a null byte to bypass the check and mount an SSRF attack.
CVE-2021-40809
An issue was discovered in Jamf Pro before 10.32.0, aka PI-009921. An account can be granted incorrect privileges in response to authentication that uses specific sign-on workflows.