Description
Microcks up to 1.17.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /jobs and /artifact/download. This vulnerability allows attackers to access network resources and sensitive information via a crafted GET request.
Remediation
References
https://github.com/microcks/microcks
https://github.com/orgs/microcks/discussions/892
https://gist.github.com/b33t1e/2a2dc17cf36cd741b2c99425c892d826
Related Vulnerabilities
CVE-2022-45210 Vulnerability in maven package org.jeecgframework.boot:jeecg-module-system
CVE-2022-25354 Vulnerability in npm package set-in
CVE-2020-28424 Vulnerability in npm package s3-kilatstorage
CVE-2021-26276 Vulnerability in npm package config-shield
CVE-2020-8124 Vulnerability in maven package org.webjars.bowergithub.unshiftio:url-parse