CVE Vulnerabilities

CVE-2024-52594

Server-Side Request Forgery (SSRF)

Published: Jan 16, 2025 | Modified: Jan 16, 2025
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

Gomatrixserverlib is a Go library for matrix federation. Gomatrixserverlib is vulnerable to server-side request forgery, serving content from a private network it can access, under certain conditions. The commit c4f1e01 fixes this issue. Users are advised to upgrade. Users unable to upgrade should use a local firewall to limit the network segments and hosts the service using gomatrixserverlib can access.

Weakness

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

References