CVE-2019-9827: Server-Side Request Forgery

July 3, 2019 (updated July 10, 2019)

Hawt Hawtio is vulnerable to SSRF, allowing a remote attacker to trigger an HTTP request from an affected server to an arbitrary host via the initial /proxy/ substring of a URI.

References

nvd.nist.gov/vuln/detail/CVE-2019-9827
www.ciphertechs.com/hawtio-advisory/

Code Behaviors & Features

Detect and mitigate CVE-2019-9827 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →