CVE-2023-27159

high-risk
Published 2023-03-31

Appwrite up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /v1/avatars/favicon. This vulnerability allows attackers to access network resources and sensitive information via a crafted GET request.

Do I need to act?

!
80.2% chance of exploitation in next 30 days
EPSS score — higher than 20% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10 High
NETWORK / LOW complexity

Affected Products (1)

Appwrite

Affected Vendors

Appwrite

References (10)

Broken Link http://appwrite.com
Exploit https://gist.github.com/b33t1e/43b26c31e895baf7e7aea2dbf9743a9a
Exploit https://gist.github.com/b33t1e/e9e8192317c111e7897e04d2f9bf5fdb
Product https://github.com/appwrite/appwrite
Exploit https://notes.sjtu.edu.cn/gMNlpByZSDiwrl9uZyHTKA
Broken Link http://appwrite.com
Exploit https://gist.github.com/b33t1e/43b26c31e895baf7e7aea2dbf9743a9a
Exploit https://gist.github.com/b33t1e/e9e8192317c111e7897e04d2f9bf5fdb
Product https://github.com/appwrite/appwrite
Exploit https://notes.sjtu.edu.cn/gMNlpByZSDiwrl9uZyHTKA
51
/ 100
high-risk
Severity 26/34 · High
Exploitability 20/34 · Moderate
Exposure 5/34 · Minimal