CVE-2024-38514

HIGH Year: 2024
CVSS v3 Score
7.4
High
Weakness Type
CWE-918
View all →

Vulnerability Description

NextChat is a cross-platform ChatGPT/Gemini UI. There is a Server-Side Request Forgery (SSRF) vulnerability due to a lack of validation of the `endpoint` GET parameter on the WebDav API endpoint. This SSRF can be used to perform arbitrary HTTPS request from the vulnerable instance (MKCOL, PUT and GET methods supported), or to target NextChat users and make them execute arbitrary JavaScript code in their browser. This vulnerability has been patched in version 2.12.4.

Related Vulnerabilities

CVE-2016-7999

HIGH
CVSS:7.4(High)

ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to conduct server side request forgery (SSRF) attacks via a URL in the var_url parameter in a valider_xml action.

CWE-9182016

CVE-2016-9417

HIGH
CVSS:7.4(High)

The fetch_remote_file function in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecifi...

CWE-9182016

CVE-2017-5518

HIGH
CVSS:7.4(High)

The media-file upload feature in GeniXCMS through 0.0.8 allows remote attackers to conduct SSRF attacks via a URL, as demonstrated by a URL with an intranet IP address.

CWE-9182017

CVE-2017-5617

HIGH
CVSS:7.4(High)

The SVG Salamander (aka svgSalamander) library, when used in a web application, allows remote attackers to conduct server-side request forgery (SSRF) attacks via an xlink:href attribute in an SVG file...

CWE-9182017

CVE-2017-5643

HIGH
CVSS:7.4(High)

Apache Camel's Validation Component is vulnerable against SSRF via remote DTDs and XXE.

CWE-9182017

CVE-2017-6130

HIGH
CVSS:7.4(High)

F5 SSL Intercept iApp 1.5.0 - 1.5.7 and SSL Orchestrator 2.0 is vulnerable to a Server-Side Request Forgery (SSRF) attack when deployed using the Dynamic Domain Bypass (DDB) feature feature plus SNAT ...

CWE-9182017