How severe is CVE-2024-4851?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.7 out of 10.

What type of vulnerability is CVE-2024-4851?

This is classified as CWE-918, which is a common weakness in software security.

CVE-2024-4851 - HIGH Severity | CVSS 7.7

Vulnerability Description

A Server-Side Request Forgery (SSRF) vulnerability exists in the stangirard/quivr application, version 0.0.204, which allows attackers to access internal networks. The vulnerability is present in the crawl endpoint where the 'url' parameter can be manipulated to send HTTP requests to arbitrary URLs, thereby facilitating SSRF attacks. The affected code is located in the backend/routes/crawl_routes.py file, specifically within the crawl_endpoint function. This issue could allow attackers to interact with internal services that are accessible from the server hosting the application.

Related Vulnerabilities

CVE-2016-4374

HIGH

CVSS:7.7(High)

HPE Release Control (RC) 9.13, 9.20, and 9.21 before 9.21.0005 p4 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks, and consequently obtain sensitive information...

CWE-9182016

CVE-2017-7566

HIGH

CVSS:7.7(High)

MyBB before 1.8.11 allows remote attackers to bypass an SSRF protection mechanism.

CWE-9182017

CVE-2018-19571

HIGH

CVSS:7.7(High)

GitLab CE/EE, versions 8.18 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an SSRF vulnerability in webhooks.

CWE-9182018

CVE-2019-15033

HIGH

CVSS:7.7(High)

Pydio 6.0.8 allows Authenticated SSRF during a Remote Link Feature download. An attacker can specify an intranet address in the file parameter to index.php, when sending a file to a remote server, as ...

CWE-9182019

CVE-2019-6257

HIGH

CVSS:7.7(High)

A Server Side Request Forgery (SSRF) vulnerability in elFinder before 2.1.46 could allow a malicious user to access the content of internal network resources. This occurs in get_remote_contents() in p...

CWE-9182019

CVE-2019-7652

HIGH

CVSS:7.7(High)

TheHive Project UnshortenLink analyzer before 1.1, included in Cortex-Analyzers before 1.15.2, has SSRF. To exploit the vulnerability, an attacker must create a new analysis, select URL for Data Type,...

CWE-9182019