Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[GHSA-hxgx-584x-vwm8] Appwrite Server-Side Request Forgery vulnerability #4514

Conversation

abnegate
Copy link

@abnegate abnegate commented Jun 6, 2024

Updates

  • Affected products
  • CVSS
  • Severity

Comments
Fixed in 1.3.0, confidentiality is low as no internal data is exposed.

@github-actions github-actions bot changed the base branch from main to abnegate/advisory-improvement-4514 June 6, 2024 04:40
@JonathanLEvans
Copy link

Hi @abnegate, thank you for your contribution. Could you provide a reference link that documents the fix in 1.3.0?

Also, while we can update the description in our database, we cannot update the description of the CVE record because the ID was assigned by MITRE. To get MITRE to update the record, you need to contact them using the "Request an update to an existing CVE Entry" form at https://cveform.mitre.org/.

Similarly, the CVSS vector was generated by the NVD so you will need to contact them using their form.

@advisory-database advisory-database bot closed this Jul 8, 2024
@github-actions github-actions bot deleted the abnegate-GHSA-hxgx-584x-vwm8 branch July 8, 2024 18:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants