Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

WS-2024-0014

Date: June 2, 2024

Several integrations are vulnerable to requests to unexpected APIs of the integrated services and retrieve their responses. This could lead to significant information disclosure, including credentials (like API keys or passwords), personal information, internal settings, etc., that could end up even in remote code execution.

Language: JS

Severity Score

Related Resources (2)

https://github.com/gethomepage/homepage/security/advisories/GHSA-24m5-7vjx-9x37
https://www.mend.io/vulnerability-database/WS-2024-0014

Weakness Type (CWE)

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-22

Server-Side Request Forgery (SSRF)

CWE-918

CVSS v3

Base Score:
Attack Vector (AV):
Attack Complexity (AC):
Privileges Required (PR):
User Interaction (UI):
Scope (S):
Confidentiality (C):
Integrity (I):
Availability (A):

Do you need more information?

Contact Us