CVE-2022-36663

Server-Side Request Forgery (SSRF) in maven/org.gluu/oxauth-common

Identifiers

GHSA-hc94-9v26-gxwv, CVE-2022-36663

Package Slug

maven/org.gluu/oxauth-common

Vulnerability

Server-Side Request Forgery (SSRF)

Description

Gluu oxAuth before v4.4.1 allows attackers to execute blind SSRF (Server-Side Request Forgery) attacks via a crafted request_uri parameter.

Affected Versions

All versions before 4.4.1

Solution

Upgrade to version 4.4.1 or above.

Last Modified

2022-09-19
