CVE-2023-44313 – github.com/apache/servicecomb-service-center
Package
Manager: go
Name: github.com/apache/servicecomb-service-center
Vulnerable Version: >=0 <2.2.0
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N
EPSS: 0.58284 (percentile: 0.98125)
Details
Apache ServiceComb Service-Center Server-Side Request Forgery vulnerability
Server-Side Request Forgery (SSRF) vulnerability in Apache ServiceComb Service-Center. Attackers can obtain sensitive server information through specially crafted requests. This issue affects Apache ServiceComb before 2.1.0 (included). Users are recommended to upgrade to version 2.2.0, which fixes the issue.
Metadata
Created: 2024-01-31T09:30:18Z
Modified: 2025-02-13T19:32:39Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/01/GHSA-9xc9-xq7w-vpcr/GHSA-9xc9-xq7w-vpcr.json
CWE IDs: ["CWE-918"]
Alternative ID: GHSA-9xc9-xq7w-vpcr
Finding: F100
Auto approve: 1