Gluu Oxauth before v4.4.1 vulnerable to Server-Side Request Forgery attacks via a crafted request_uri parameter
Critical severity
GitHub Reviewed
Published
Sep 7, 2022
to the GitHub Advisory Database
•
Updated Apr 6, 2023
Description
Published by the National Vulnerability Database
Sep 6, 2022
Published to the GitHub Advisory Database
Sep 7, 2022
Reviewed
Sep 16, 2022
Last updated
Apr 6, 2023
Credits
-
tdunlap607 Analyst
Gluu Oxauth before v4.4.1 allows attackers to execute blind SSRF (Server-Side Request Forgery) attacks via a crafted request_uri parameter.
References