CVE-2019-18394

Server-Side Request Forgery (SSRF) in maven/org.igniterealtime.openfire/parent

Identifiers

GHSA-mfjw-x4q4-69p9, CVE-2019-18394

Package Slug

maven/org.igniterealtime.openfire/parent

Vulnerability

Server-Side Request Forgery (SSRF)

Description

A Server-Side Request Forgery (SSRF) vulnerability in FaviconServlet.java in Ignite Realtime Openfire through 4.4.2 allows attackers to send arbitrary HTTP GET requests.

Affected Versions

All versions before 4.5.0-beta

Solution

Upgrade to version 4.5.0-beta or above. Note: 4.5.0-beta may be an unstable version. Use caution.

Last Modified

2022-11-23
