CVE-2024-2796

EUVD-2024-27740
A server-side request forgery (SSRF) was discovered in the Akana API Platform in versions prior to and including 2022.1.3. Reported by Jakob Antonsson.
SSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.3 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 52%
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
akanaakana_api_platform
2022.1.1 ≤
𝑥
< 2022.1.1
ADP
akanaakana_api_platform
2022.1.2 ≤
𝑥
< 2022.1.2
ADP
akanaakana_api_platform
2022.1.3 ≤
𝑥
< 2022.1.3
ADP
akanaakana_api_platform
0.0.0 ≤
𝑥
< 2024.1.0
ADP
Common Weakness Enumeration
References
https://portal.perforce.com/s/detail/a91PA000001STuXYAW
https://portal.perforce.com/s/detail/a91PA000001STuXYAW