Home > Vulnerability Database > WS-2024-0014

Mend.io Vulnerability Database

WS-2024-0014

Good to know:

Date: June 2, 2024

Several integrations are vulnerable to requests to unexpected APIs of the integrated services and retrieve their responses. This could lead to significant information disclosure, including credentials (like API keys or passwords), personal information, internal settings, etc., that could end up even in remote code execution.

Language: JS

Severity Score

10.0

Related Resources (2)

Url: https://github.com/gethomepage/homepage/security/advisories/GHSA-24m5-7vjx-9x37

Url: https://www.mend.io/vulnerability-database/WS-2024-0014

Severity Score

10.0

Weakness Type (CWE)

Path Traversal

CWE-22

Server-Side Request Forgery (SSRF)

CWE-918

Top Fix

Upgrade Version

Upgrade to version v0.9.1

Learn More

CVSS v3.1

Base Score:	10.0
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

WS-2024-0014

Good to know:

Date: June 2, 2024

Language: JS

Severity Score

Related Resources (2)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?