CVE-2024-8099

HIGH Year: 2024
CVSS v3 Score
8.3
High
Weakness Type
CWE-918
View all →

Vulnerability Description

A Server-Side Request Forgery (SSRF) vulnerability exists in the latest version of vanna-ai/vanna when using DuckDB as the database. An attacker can exploit this vulnerability by submitting crafted SQL queries that leverage DuckDB's default features, such as `read_csv`, `read_csv_auto`, `read_text`, and `read_blob`, to make unauthorized requests to internal or external resources. This can lead to unauthorized access to sensitive data, internal systems, and potentially further attacks.

Related Vulnerabilities

CVE-2012-10018

HIGH
CVSS:8.3(High)

The Mapplic and Mapplic Lite plugins for WordPress are vulnerable to Server-Side Request Forgery in versions up to, and including 6.1, 1.0 respectively. This makes it possible for attackers to forgery...

CWE-9182012

CVE-2020-10252

HIGH
CVSS:8.3(High)

An issue was discovered in ownCloud before 10.4. Because of an SSRF issue (via the apps/files_sharing/external remote parameter), an authenticated attacker can interact with local services blindly (ak...

CWE-9182020

CVE-2020-24139

HIGH
CVSS:8.3(High)

Server-side request forgery in Wcms 0.3.2 lets an attacker send crafted requests from the back-end server of a vulnerable web application via the path parameter to wex/cssjs.php. It can help identify ...

CWE-9182020

CVE-2020-24140

HIGH
CVSS:8.3(High)

Server-side request forgery in Wcms 0.3.2 let an attacker send crafted requests from the back-end server of a vulnerable web application via the pagename parameter to wex/html.php. It can help identif...

CWE-9182020

CVE-2022-1285

HIGH
CVSS:8.3(High)

Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prior to 0.12.8.

CWE-9182022

CVE-2023-3188

HIGH
CVSS:8.3(High)

Server-Side Request Forgery (SSRF) in GitHub repository owncast/owncast prior to 0.1.0.

CWE-9182023