CVE-2024-55089

low-risk

Published 2024-12-18

Rhymix before 2.1.24 is vulnerable to Server-Side Request Forgery (SSRF) in the background import data function because XML documents may contain external entities.

Do I need to act?

0.10% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 4.1/10 Medium

NETWORK / LOW complexity

Affected Products (1)

Rhymix

Affected Vendors

Rhymix

References (3)

https://github.com/rhymix/rhymix/commit/464985b1ef382cc8cf852e9b028a960aa58b40c3

https://rhymix.org/news/1909005

Broken Link https://tasteful-stamp-da4.notion.site/CVE-2024-55089-15b1e0f227cb8064a563c69770...

/ 100

low-risk

Severity 18/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal