CVE-2024-28752

CRITICAL Year: 2024
CVSS v3 Score
9.3
Critical
Weakness Type
CWE-918
View all →

Vulnerability Description

A SSRF vulnerability using the Aegis DataBinding in versions of Apache CXF before 4.0.4, 3.6.3 and 3.5.8 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type. Users of other data bindings (including the default databinding) are not impacted.

Related Vulnerabilities

CVE-2022-0990

CRITICAL
CVSS:9.3(Critical)

Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.18.

CWE-9182022

CVE-2024-10044

CRITICAL
CVSS:9.3(Critical)

A Server-Side Request Forgery (SSRF) vulnerability exists in the POST /worker_generate_stream API endpoint of the Controller API Server in lm-sys/fastchat, as of commit e208d5677c6837d590b81cb03847c0b...

CWE-9182024

CVE-2024-2796

CRITICAL
CVSS:9.3(Critical)

A server-side request forgery (SSRF) was discovered in the Akana API Platform in versions prior to and including 2022.1.3. Reported by Jakob Antonsson.

CWE-9182024

CVE-2024-37260

CRITICAL
CVSS:9.3(Critical)

Server-Side Request Forgery (SSRF) vulnerability in Theme-Ruby Foxiz.This issue affects Foxiz: from n/a through 2.3.5.

CWE-9182024

CVE-2024-6424

CRITICAL
CVSS:9.3(Critical)

External server-side request vulnerability in MESbook 20221021.03 version, which could allow a remote, unauthenticated attacker to exploit the endpoint "/api/Proxy/Post?userName=&password=&uri=<FILE|I...

CWE-9182024

CVE-2024-9309

CRITICAL
CVSS:9.3(Critical)

A Server-Side Request Forgery (SSRF) vulnerability exists in the POST /worker_generate_stream API endpoint of the Controller API Server in haotian-liu/llava version v1.2.0 (LLaVA-1.6). This vulnerabil...

CWE-9182024