Beet1E

**Name of the Vulnerable Software and Affected Versions** forem versions up to v2022.11.11 **Description** The issue is related to a Server-Side Request Forgery (SSRF) via the component "/articles/{id}". This allows attackers to access network resources and sensitive information via a crafted POST request. **Recommendations** For versions up to v2022.11.11, consider restricting access to the "/articles/{id}" component until a patch is available. As a temporary workaround, avoid using the `id` variable in the affected API endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** openapi-generator versions up to v6.4.0 **Description** The issue is related to a Server-Side Request Forgery (SSRF) in the component "/api/gen/clients/{language}". This allows attackers to access network resources and sensitive information via a crafted API request. **Recommendations** For versions up to v6.4.0, consider disabling the "/api/gen/clients/{language}" component until a patch is available. Restrict access to this component to minimize the risk of exploitation. Avoid using crafted API requests to the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Jellyfin versions up to 10.7.7 **Description** The issue allows attackers to access network resources and sensitive information via a crafted POST request to the /Repositories component, enabling Server-Side Request Forgery (SSRF). This can lead to unauthorized access to sensitive data. **Recommendations** For Jellyfin versions up to 10.7.7, as a temporary workaround, consider restricting access to the /Repositories component until a patch is available. Avoid using the vulnerable component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Halo versions up to 1.6.1 **Description** The issue allows attackers to execute arbitrary code via a crafted .md file due to an arbitrary file upload vulnerability. **Recommendations** For versions up to 1.6.1, update to a version later than 1.6.1 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** request-baskets versions up to v1.2.1 **Description** The issue is related to a Server-Side Request Forgery (SSRF) vulnerability via the component "/api/baskets/{name}". This allows attackers to access network resources and sensitive information by sending a crafted API request. The vulnerability is due to insufficient validation of incoming requests when handling the `{name}` parameter. **Recommendations** For request-baskets versions up to v1.2.1, as a temporary workaround, consider disabling the `/api/baskets/{name}` endpoint until a patch is available. Restrict access to this endpoint to minimize the risk of exploitation. Avoid using the `{name}` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Appwrite versions up to v1.2.1 **Description** The issue is related to insufficient validation of incoming requests in the /v1/avatars/favicon component of the Appwrite backend platform for developing mobile and web applications. This allows a remote attacker to perform a Server-Side Request Forgery (SSRF) attack using a specially crafted GET request, potentially accessing network resources and sensitive information. **Recommendations** For Appwrite versions up to v1.2.1, as a temporary workaround, consider restricting access to the /v1/avatars/favicon component until a patch is available. Avoid using this component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.