References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Known Affected Software Configurations Switch to CPE 2.2

Change History

OR
     *cpe:2.3:a:quivr:quivr:0.0.236:*:*:*:*:*:*:*

NIST AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

https://huntr.com/bounties/c178bf48-1d4a-4743-87ca-4cc8e475d274 No Types Assigned

https://huntr.com/bounties/c178bf48-1d4a-4743-87ca-4cc8e475d274 Exploit, Technical Description

huntr.dev AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

huntr.dev CWE-918

stangirard/quivr version 0.0.236 contains a Server-Side Request Forgery (SSRF) vulnerability. The application does not provide sufficient controls when crawling a website, allowing an attacker to access applications on the local network. This vulnerability could allow a malicious user to gain access to internal servers, the AWS metadata endpoint, and capture Supabase data.

huntr.dev https://huntr.com/bounties/c178bf48-1d4a-4743-87ca-4cc8e475d274 [No types assigned]