CVE-2024-31979 – streampipes

Package

Manager: pip
Name: streampipes
Vulnerable Version: >=0 <0.95.0

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

EPSS: 0.00711 pctl0.71387

Details

Apache StreamPipes has possibility of SSRF in pipeline element installation process Server-Side Request Forgery (SSRF) vulnerability in Apache StreamPipes during installation process of pipeline elements. Previously, StreamPipes allowed users to configure custom endpoints from which to install additional pipeline elements. These endpoints were not properly validated, allowing an attacker to get StreamPipes to send an HTTP GET request to an arbitrary address. This issue affects Apache StreamPipes: through 0.93.0. Users are recommended to upgrade to version 0.95.0, which fixes the issue.

Metadata

Created: 2024-07-17T09:30:49Z
Modified: 2025-01-21T18:27:30Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/07/GHSA-9gr7-gh74-qg9x/GHSA-9gr7-gh74-qg9x.json
CWE IDs: ["CWE-918"]
Alternative ID: GHSA-9gr7-gh74-qg9x
Finding: F100
Auto approve: 1