VYPR

Maven package

com.ctrip.framework.apollo/apollo

pkg:maven/com.ctrip.framework.apollo/apollo

Vulnerabilities (4)

  • CVE-2024-43397 (Aug 20, 2024)
    affected < 2.3.0; fixed 2.3.0

    Apollo is a configuration management system. A vulnerability exists in the synchronization configuration feature that allows users to craft specific requests to bypass permission checks. This exploit enables them to modify a namespace without the necessary permissions. The issue

  • CVE-2023-25570 (Feb 20, 2023)
    affected < 2.1.0; fixed 2.1.0

    Apollo is a configuration management system. Prior to version 2.1.0, there are potential security issues if users expose apollo-configservice to the internet, which is not recommended. This is because there is no authentication feature enabled for the built-in eureka service. Mal

  • CVE-2023-25569 (Feb 20, 2023)
    affected < 2.1.0; fixed 2.1.0

    Apollo is a configuration management system. Prior to version 2.1.0, a low-privileged user can create a special web page. If an authenticated portal admin visits this page, the page can silently send a request to assign new roles for that user without any confirmation from the Po

  • CVE-2019-10686 (Apr 1, 2019)
    affected <= 1.3.0

    An SSRF vulnerability was found in an API from Ctrip Apollo through 1.4.0-SNAPSHOT. An attacker may use it to do an intranet port scan or raise a GET request via /system-info/health because the %23 substring is mishandled.