CVE-2023-44313

HIGH7.6EPSS 69.1%

Apache ServiceComb Service-Center Server-Side Request Forgery vulnerability

Published: 1/31/2024Modified: 2/13/2025

Also known as:GHSA-9xc9-xq7w-vpcrGO-2024-2495

Description

Server-Side Request Forgery (SSRF) vulnerability in Apache ServiceComb Service-Center. Attackers can obtain sensitive server information through specially crafted requests.This issue affects Apache ServiceComb before 2.1.0 (included). Users are recommended to upgrade to version 2.2.0, which fixes the issue.

Affected packages (2)

Go/github.com/apache/servicecomb-service-centerfrom 0, < 2.2.0
Go/github.com/apache/servicecomb-service-centerfrom 0

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 4.0	—	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N
osv	CVSS 3.1	HIGH7.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L

References (5)

ADVISORYhttps://github.com/advisories/GHSA-9xc9-xq7w-vpcr
ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2023-44313
PATCHhttps://github.com/apache/servicecomb-service-center
WEBhttps://lists.apache.org/thread/kxovd455o9h4f2v811hcov2qknbwld5r
WEBhttp://www.openwall.com/lists/oss-security/2024/01/31/4