Description
UReport v2.2.9 contains a Server-Side Request Forgery (SSRF) in the designer page which allows attackers to detect intranet device ports.
Remediation
References
https://github.com/youseries/ureport/issues/483
Related Vulnerabilities
CVE-2017-16215 Vulnerability in npm package sgqserve
CVE-2020-7724 Vulnerability in npm package tiny-conf
CVE-2020-36049 Vulnerability in maven package org.webjars.npm:socket.io-parser
CVE-2021-32854 Vulnerability in maven package org.webjars.bower:textangular
CVE-2020-35210 Vulnerability in maven package io.atomix:atomix