CVE-2024-5885
- Reference to the description:
- Description:
- stangirard/quivr version 0.0.236 contains a Server-Side Request Forgery (SSRF) vulnerability. The application does not provide sufficient controls when crawling a website, allowing an attacker to access applications on the local network. This vulnerability could allow a malicious user to gain access to internal servers, the AWS metadata endpoint, and capture Supabase data.
- Last updated date:
- 08/20/2024
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 08/20/2024
- Reference url to background
https://huntr.com/bounties/c178bf48-1d4a-4743-87ca-4cc8e475d274