← volver
CVE-2017-18638

CVE-2017-18638

EPSS 16.9%
Vexday Risk Score
23Bajo
Decisión SSVC (CISA)
Attend
PoC disponible → seguir de cerca
Madurez del exploit
Exploit funcional
Exploit automatizable disponible (Nuclei/Metasploit).
CVSS EPSS 16.9%KEV nãoPoC Nuclei simMetasploit Patch
Ciclo de vida
11 oct 2019Publicada en NVD
Recomendación: Planificar corrección próxima — ya existe PoC pública.
send_email in graphite-web/webapp/graphite/composer/views.py in Graphite through 1.1.5 is vulnerable to SSRF. The vulnerable SSRF endpoint can be used by an attacker to have the Graphite web server request any resource. The response to this SSRF request is encoded into an image file and then sent to an e-mail address that can be supplied by the attacker. Thus, an attacker can exfiltrate any information.
Productos afectados
n/a · n/a