CVE-2021-41792: Server-Side Request Forgery (SSRF)

October 21, 2021 (updated October 27, 2021)

An issue was discovered in Hyland org.alfresco:alfresco-content-services and org.alfresco:alfresco-transform-services A crafted HTML file, once uploaded, could trigger an unexpected request by the transformation engine. The response to the request is not available to the attacker, i.e., this is blind SSRF.

References

nvd.nist.gov/vuln/detail/CVE-2021-41792

Code Behaviors & Features

Detect and mitigate CVE-2021-41792 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →