CVE-2020-13226: Server-Side Request Forgery (SSRF)

May 24, 2022 (updated July 13, 2023)

WSO2 API Manager 3.0.0 does not properly restrict outbound network access from a Publisher node, opening up the possibility of SSRF to this node’s entire intranet.

References

docs.wso2.com/display/Security/Security+Advisories
docs.wso2.com/display/Security/WSO2+Security+Vulnerability+Management+Process
github.com/advisories/GHSA-jfgp-q2hg-w285
github.com/wso2/docs-apim/issues/816
github.com/wso2/product-apim/issues/7677
nvd.nist.gov/vuln/detail/CVE-2020-13226

Code Behaviors & Features

Detect and mitigate CVE-2020-13226 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →