VYPR
Vendor

Ctripcorp

Products
2
CVEs
2
Across products
2
Status
Private

Products

2

Recent CVEs

2
  • CVE-2019-10686CriApr 1, 2019
    risk 0.65cvss 10.0epss 0.02

    An SSRF vulnerability was found in an API from Ctrip Apollo through 1.4.0-SNAPSHOT. An attacker may use it to do an intranet port scan or raise a GET request via /system-info/health because the %23 substring is mishandled.

  • CVE-2020-15170HigSep 10, 2020
    risk 0.00cvss 7.0epss 0.01

    apollo-adminservice before version 1.7.1 does not implement access controls. If users expose apollo-adminservice to internet(which is not recommended), there are potential security issues since apollo-adminservice is designed to work in intranet and it doesn't have access…