GHSA-mfjw-x4q4-69p9, CVE-2019-18394
maven/org.igniterealtime.openfire/parent
Server-Side Request Forgery (SSRF)
A Server Side Request Forgery (SSRF) vulnerability in FaviconServlet.java in Ignite Realtime Openfire through 4.4.2 allows attackers to send arbitrary HTTP GET requests.
All versions before 4.5.0-beta
Upgrade to version 4.5.0-beta or above. Note: 4.5.0-beta may be an unstable version. Use caution.
2022-11-23
source |