VYPR
Unrated severityNVD Advisory· Published Jun 21, 2021· Updated Aug 3, 2024

Blind Server-Side Request Forgery (SSRF) in eLabFTW

CVE-2021-32698

Description

eLabFTW is an open source electronic lab notebook for research labs. This vulnerability allows an attacker to make GET requests on behalf of the server. It is "blind" because the attacker cannot see the result of the request. Issue has been patched in eLabFTW 4.0.0.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Elabftw/Elabftwllm-fuzzy2 versions
    <4.0.0+ 1 more
    • (no CPE)range: <4.0.0
    • (no CPE)range: < 4.0.0

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.