PT-2020-16207 · Tt Rss · Tiny Tiny Rss
Daniel Neagaru
·
Published
2020-09-19
·
Updated
2025-12-23
·
CVE-2020-25787
CVSS v2.0
10
Critical
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Tiny Tiny RSS (tt-rss) versions prior to 2020-09-16
Description
The issue is related to the failure of Tiny Tiny RSS to validate all URLs before requesting them. This could potentially lead to unauthorized access or other security issues.
Recommendations
For versions prior to 2020-09-16, update to a version released after 2020-09-16 to resolve the issue.
As a temporary workaround, consider restricting access to unvalidated URLs until a patch is available.
Exploit
Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Tiny Tiny Rss