CVE-2024-51408
https://notcve.org/view.php?id=CVE-2024-51408
04 Nov 2024 — AppSmith Community 1.8.3 before 1.46 allows SSRF via New DataSource for application/json requests to 169.254.169.254 to retrieve AWS metadata credentials. • https://github.com/appsmithorg/appsmith/pull/29286 • CWE-918: Server-Side Request Forgery (SSRF)

CVE-2022-4096 – Server-Side Request Forgery (SSRF) in appsmithorg/appsmith
https://notcve.org/view.php?id=CVE-2022-4096
21 Nov 2022 — Server-Side Request Forgery (SSRF) in GitHub repository appsmithorg/appsmith prior to 1.8.2. • https://github.com/aminetitrofine/CVE-2022-4096 • CWE-918: Server-Side Request Forgery (SSRF)

CVE-2022-38299
https://notcve.org/view.php?id=CVE-2022-38299
12 Sep 2022 — An issue in the Elasticsearch plugin of Appsmith v1.7.11 allows attackers to connect disallowed hosts to the AWS/GCP internal metadata endpoint. • https://github.com/appsmithorg/appsmith/pull/15834

CVE-2022-38298
https://notcve.org/view.php?id=CVE-2022-38298
12 Sep 2022 — Appsmith v1.7.11 was discovered to allow attackers to execute an authenticated Server-Side Request Forgery (SSRF) via redirecting incoming requests to the AWS internal metadata endpoint. • https://github.com/appsmithorg/appsmith/pull/15782 • CWE-918: Server-Side Request Forgery (SSRF)

CVE-2022-39824
https://notcve.org/view.php?id=CVE-2022-39824
05 Sep 2022 — Server-side JavaScript injection in Appsmith through 1.7.14 allows remote attackers to execute arbitrary JavaScript code from the server via the currentItem property of the list widget, e.g., to perform DoS attacks or achieve an information leak. • https://github.com/FCncdn/Appsmith-Js-Injection-POC • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')