CVE-2023-44313: Apache ServiceComb Service-Center Server-Side Request Forgery vulnerability

January 31, 2024 (updated February 13, 2025)

Server-Side Request Forgery (SSRF) vulnerability in Apache ServiceComb Service-Center. Attackers can obtain sensitive server information through specially crafted requests.This issue affects Apache ServiceComb before 2.1.0 (included). Users are recommended to upgrade to version 2.2.0, which fixes the issue.

References

github.com/advisories/GHSA-9xc9-xq7w-vpcr
github.com/apache/servicecomb-service-center
lists.apache.org/thread/kxovd455o9h4f2v811hcov2qknbwld5r
nvd.nist.gov/vuln/detail/CVE-2023-44313

Code Behaviors & Features

Detect and mitigate CVE-2023-44313 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →