CVE-2024-4851 | SSRF Vulnerability in stangirard/quivr
Exp
A Server-Side Request Forgery (SSRF) vulnerability exists in the stangirard/quivr application, version 0.0.204, which allows attackers to access internal networks. The vulnerability is present in the crawl endpoint where the 'url' parameter can be manipulated to send HTTP requests to arbitrary URLs, thereby facilitating SSRF attacks. The affected code is located in the backend/routes/crawl_routes.py file, specifically within the crawl_endpoint function. This issue could allow attackers to interact with internal services that are accessible from the server hosting the application.
Conclusion & alert: CVE-2024-4851 is rated High Exploit Risk (61.2/100): CVSS High severity, with low exploitation likelihood (EPSS 0.58%).Core evidence: 1 public exploit reference(s) are indexed (Exploit-DB).Mandatory action: Public exploits are available—assess exposure, apply mitigations, and prioritize patching.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
Public exploit references (Exploit-DB) for CVE-2024-4851
Exploit prediction scoring system (EPSS) score for CVE-2024-4851
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).