I · I · CVE-2018-1000138
Name of the Vulnerable Software and Affected Versions:
I, Librarian versions 4.8 and earlier
Description:
The issue concerns a SSRF vulnerability found in the `url` parameter of the `getFromWeb` function in functions.php. This vulnerability can be exploited to abuse server functionality, allowing an attacker to read or update internal resources.
Recommendations:
For versions 4.8 and earlier, consider restricting access to the `getFromWeb` function in functions.php to minimize the risk of exploitation. Avoid using the `url` parameter in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.