VYPR
Low severity2.7NVD Advisory· Published Feb 9, 2022· Updated Jun 17, 2026

CVE-2021-25939

CVE-2021-25939

Description

In ArangoDB, versions v3.7.0 through v3.9.0-alpha.1 have a feature which allows downloading a Foxx service from a publicly available URL. This feature does not enforce proper filtering of requests performed internally, which can be abused by a highly-privileged attacker to perform blind SSRF and send internal requests to localhost.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • ArangoDB/ArangoDBllm-fuzzy2 versions
    v3.7.0-v3.9.0-alpha.1+ 1 more
    • (no CPE)range: v3.7.0-v3.9.0-alpha.1
    • (no CPE)range: v3.7.0

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.