NotCVE - vendor:"Appwrite" product:"Appwrite" version:"

4 results (0.008 seconds)

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-1063

https://notcve.org/view.php?id=CVE-2024-1063

30 Jan 2024 — Appwrite <= v1.4.13 is affected by a Server-Side Request Forgery (SSRF) via the '/v1/avatars/favicon' endpoint due to an incomplete fix of CVE-2023-27159. Appwrite <= v1.4.13 se ve afectada por Server-Side Request Forgery (SSRF) a través del endpoint '/v1/avatars/favicon' debido a una solución incompleta de CVE-2023-27159. • https://www.tenable.com/security/research/tra-2024-03 • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 7.8EPSS: 77%CPEs: 1EXPL: 3

CVE-2023-27159

https://notcve.org/view.php?id=CVE-2023-27159

31 Mar 2023 — Appwrite up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /v1/avatars/favicon. This vulnerability allows attackers to access network resources and sensitive information via a crafted GET request. • http://appwrite.com • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1

CVE-2022-2925 – Cross-site Scripting (XSS) - Stored in appwrite/appwrite

https://notcve.org/view.php?id=CVE-2022-2925

09 Sep 2022 — Cross-site Scripting (XSS) - Stored in GitHub repository appwrite/appwrite prior to 1.0.0-RC1. Una vulnerabilidad de tipo Cross-site Scripting (XSS) - Almacenado en el repositorio GitHub appwrite/appwrite versiones anteriores a 1.0.0-RC1 • https://github.com/appwrite/appwrite/commit/b5b4d92623c13fa8e5c71736db461e81fb7a7ade • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 4%CPEs: 3EXPL: 2

CVE-2021-23682 – Prototype Pollution

https://notcve.org/view.php?id=CVE-2021-23682

16 Feb 2022 — This affects the package litespeed.js before 0.3.12; the package appwrite/server-ce from 0.12.0 and before 0.12.2, before 0.11.1. When parsing the query string in the getJsonFromUrl function, the key that is set in the result object is not properly sanitized leading to a Prototype Pollution vulnerability. Esto afecta al paquete litespeed.js versiones anteriores a 0.3.12; al paquete appwrite/server-ce desde versión 0.12.0 y anteriores a 0.12.2, anteriores a 0.11.1. Cuando es analizada la cadena de consulta e... • https://github.com/appwrite/appwrite/pull/2778 • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •