Home > Vulnerability Database > WS-2024-0014

Mend.io Vulnerability Database

WS-2024-0014

Date: June 2, 2024

Several integrations are vulnerable to requests to unexpected APIs of the integrated services and retrieve their responses. This could lead to significant information disclosure, including credentials (like API keys or passwords), personal information, internal settings, etc., that could end up even in remote code execution.

Language: JS

Severity Score

10.0

Related Resources (2)

Url: https://github.com/gethomepage/homepage/security/advisories/GHSA-24m5-7vjx-9x37

Url: https://www.mend.io/vulnerability-database/WS-2024-0014

Severity Score

10.0

Weakness Type (CWE)

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-22

Server-Side Request Forgery (SSRF)

CWE-918

CVSS v3.1

Base Score:	10.0
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

WS-2024-0014

Date: June 2, 2024

Language: JS

Severity Score

Related Resources (2)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?