alpine · CVE-2019-10686

Quick triage

Priority: critical Published: Updated:

View at Official alpine advisory, NVD, CVE.org · CVE detail

Freshness: no update timestamp found; verify against the upstream OS advisory manually.

Tracker summary

CVE-2019-10686: 1 source package rows (apollo); 26 state rows across 3 repos (3.22-community, 3.23-community, edge-community); fixed 0, open 26.

Description:

An SSRF vulnerability was found in an API from Ctrip Apollo through 1.4.0-SNAPSHOT. An attacker may use it to do an intranet port scan or raise a GET request via /system-info/health because the %23 substring is mishandled.

cvelogic Threat Intelligence