| Summary | xtreme1 <= v0.9.1 contains a Server-Side Request Forgery (SSRF) vulnerability in the /api/data/upload path. The vulnerability is triggered through the fileUrl parameter, which allows an attacker to make arbitrary requests to internal or external systems. |
|---|---|
| Publication Date | Oct. 31, 2024, 6:15 a.m. |
| Registration Date | Oct. 31, 2024, noon |
| Last Update | Nov. 1, 2024, 9:57 p.m. |