Home > Vulnerability Database > CVE-2024-31979

Mend.io Vulnerability Database

CVE-2024-31979

Good to know:

Date: July 17, 2024

Server-Side Request Forgery (SSRF) vulnerability in Apache StreamPipes during installation process of pipeline elements. Previously, StreamPipes allowed users to configure custom endpoints from which to install additional pipeline elements. These endpoints were not properly validated, allowing an attacker to get StreamPipes to send an HTTP GET request to an arbitrary address. This issue affects Apache StreamPipes: through 0.93.0. Users are recommended to upgrade to version 0.95.0, which fixes the issue.

Language: TYPE_SCRIPT

Severity Score

4.3

Related Resources (6)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-31979

Url: https://github.com/apache/streampipes

Url: https://lists.apache.org/thread/8lryp3bxnby9kmk13odkz2jbfdjfvf0y

Url: https://github.com/apache/streampipes/releases/tag/release%2F0.95.0

Url: https://github.com/apache/streampipes/commit/cd5a7b46e3383573f0f2b51da4b7306d4936aa3f

Url: https://www.mend.io/vulnerability-database/CVE-2024-31979

Severity Score

4.3

Weakness Type (CWE)

Server-Side Request Forgery (SSRF)

CWE-918

Top Fix

Upgrade Version

Upgrade to version release/0.95.0

Learn More

CVSS v3.1

Base Score:	4.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-31979

Good to know:

Date: July 17, 2024

Language: TYPE_SCRIPT

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?