CVE-2021-25972: Server-Side Request Forgery (SSRF)

October 20, 2021 (updated October 25, 2021)

In Camaleon CMS to, are vulnerable to Server-Side Request Forgery (SSRF) in the media upload feature, which allows admin users to fetch media files from external URLs but fails to validate URLs referencing to localhost or other internal servers. This allows attackers to read files stored in the internal server.

References

nvd.nist.gov/vuln/detail/CVE-2021-25972

Code Behaviors & Features

Detect and mitigate CVE-2021-25972 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →