Home
MEDIUM: 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:NDefault status
unaffected
Any version before 21.2.12
affected
22 (custom) before 22.1.7
unaffected
22.1.8 (custom) before 22.1.9
affected
22.2 (custom) before 22.2.3
affected
22.2.4 (custom) before 22.2.6
affected
23 (custom) before 23.1.3
affected
Description
DevExpress before 23.1.3 allows AsyncDownloader SSRF.
Problem types
CWE-918 Server-Side Request Forgery (SSRF)
Product status
Any version before 21.2.12
22 (custom) before 22.1.7
22.1.8 (custom) before 22.1.9
22.2 (custom) before 22.2.3
22.2.4 (custom) before 22.2.6
23 (custom) before 23.1.3
References
supportcenter.devexpress.com/...ory-updated-on-april-27-2023
supportcenter.devexpress.com/...ion-can-lead-to-ssrf-attacks
supportcenter.devexpress.com/...to-help-prevent-ssrf-attacks
code-white.com/public-vulnerability-list/
supportcenter.devexpress.com/...-forgery-via-asyncdownloader