Critical severityOSV Advisory· Published Apr 1, 2019· Updated Aug 4, 2024
CVE-2019-10686
CVE-2019-10686
Description
An SSRF vulnerability was found in an API from Ctrip Apollo through 1.4.0-SNAPSHOT. An attacker may use it to do an intranet port scan or raise a GET request via /system-info/health because the %23 substring is mishandled.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
com.ctrip.framework.apollo:apolloMaven | <= 1.3.0 | — |
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- github.com/advisories/GHSA-fvx3-g627-phm2ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2019-10686ghsaADVISORY
- github.com/ctripcorp/apollo/issues/2103ghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.