VYPR
Unrated severityNVD Advisory· Published Jun 27, 2024· Updated Aug 1, 2024

Server-Side Request Forgery (SSRF) in stangirard/quivr

CVE-2024-5885

Description

stangirard/quivr version 0.0.236 contains a Server-Side Request Forgery (SSRF) vulnerability. The application does not provide sufficient controls when crawling a website, allowing an attacker to access applications on the local network. This vulnerability could allow a malicious user to gain access to internal servers, the AWS metadata endpoint, and capture Supabase data.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • QuivrHQ/Quivrllm-fuzzy
    Range: = 0.0.236
  • stangirard/stangirard/quivrv5
    Range: unspecified

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.