CVE-2024-51408 | THREATINT

Description

AppSmith Community 1.8.3 before 1.46 allows SSRF via New DataSource for application/json requests to 169.254.169.254 to retrieve AWS metadata credentials.

PUBLISHED Reserved 2024-10-28 | Published 2024-11-04 | Updated 2024-11-05 | Assigner mitre

HIGH: 8.5CVSS:3.1/AC:H/AV:N/A:H/C:H/I:H/PR:L/S:C/UI:N

References

github.com/appsmithorg/appsmith/pull/29286

github.com/...ulnerability-Research/tree/main/CVE-2024-51408

github.com/appsmithorg/appsmith/releases/tag/v1.46

cve.org (CVE-2024-51408)

nvd.nist.gov (CVE-2024-51408)

Download JSON