PlantUML 1.2022.4

CPE Details

PlantUML 1.2022.4
plantuml
plantuml
1.2022.4
2022-04-27
14h41 +00:00
2022-04-27
21h15 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:plantuml:plantuml:1.2022.4:*:*:*:*:*:*:*

Informations

Vendor

plantuml

Product

plantuml

Version

1.2022.4

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2023-3432 2023-06-27 14h30 +00:00 Server-Side Request Forgery (SSRF) in GitHub repository plantuml/plantuml prior to 1.2023.9.
10
Critical
CVE-2023-3431 2023-06-27 14h28 +00:00 Improper Access Control in GitHub repository plantuml/plantuml prior to 1.2023.9.
5.3
Medium
CVE-2022-1379 2022-05-14 07h55 +00:00 URL Restriction Bypass in GitHub repository plantuml/plantuml prior to V1.2022.5. An attacker can abuse this to bypass URL restrictions that are imposed by the different security profiles and achieve server side request forgery (SSRF). This allows accessing restricted internal resources/servers or sending requests to third party servers.
9.1
Critical
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.