Home

Description

halo v2.20.17 and before is vulnerable to server-side request forgery (SSRF) in /apis/uc.api.storage.halo.run/v1alpha1/attachments/-/upload-from-url.

PUBLISHED Reserved 2025-04-22 | Published 2025-09-09 | Updated 2025-09-10 | Assigner mitre

References

meadow-horn-b94.notion.site/...1880c09936df07f58f5bed?pvs=74

cve.org (CVE-2025-44594)

nvd.nist.gov (CVE-2025-44594)

Download JSON