CVE-2019-11767: Server-Side Request Forgery (SSRF)

May 5, 2019 (updated May 6, 2019)

Server side request forgery (SSRF) in phpBB allows checking for the existence of files and services on the local network of the host through the remote avatar upload function.

References

nvd.nist.gov/vuln/detail/CVE-2019-11767
www.phpbb.com/community/viewtopic.php?f=14&t=2509941

Detect and mitigate CVE-2019-11767 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →