Ratrarity

#14083 of 53,635
19.1 Total CVSS
Vulnerabilities · 2
Critical · 2
PT-2026-23646 · CVSS 9.3 · 2026-03-06
Unknown · Ghostfolio · CVE-2026-28680

**Name of the Vulnerable Software and Affected Versions**
Ghostfolio versions prior to 2.245.0

**Description**
Ghostfolio, an open source wealth management software, contains a server-side request forgery (SSRF) issue. An attacker can exploit the manual asset import feature to perform a full-read SSRF. This allows the attacker to exfiltrate sensitive cloud metadata (IMDS) or probe internal network services. The API endpoint used for asset import is vulnerable. The `asset import` function is susceptible to exploitation.

**Recommendations**
Update to version 2.245.0.

PT-2026-23647 · CVSS 9.8 · 2026-03-06
Unknown · Ghostfolio · CVE-2026-28785

**Name of the Vulnerable Software and Affected Versions**
Ghostfolio versions prior to 2.244.0

**Description**
Ghostfolio is a wealth management software susceptible to arbitrary SQL command execution. An attacker can bypass symbol validation to execute SQL commands through the `getHistorical()` method. Successful exploitation could allow an attacker to read, modify, or delete sensitive financial data for all users in the database.

**Recommendations**
Update to version 2.244.0 or later.