PT-2021-15298 · Concrete5 · Concrete5

Pabl00Nicarres · Published 2021-10-07 · Updated 2021-11-01 · CVE-2021-22958

CVSS v3.1: 8.2 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N

Name of the Vulnerable Software and Affected Versions

concrete5 versions prior to 8.5.5

Description

A Server-Side Request Forgery issue was found in which an IP address encoded in decimal notation bypasses the localhost restrictions, enabling interaction with local services. The impact varies depending on the services exposed.

Recommendations

For versions prior to 8.5.5, update to version 8.5.5 or later to resolve the issue. As a temporary workaround, consider restricting access to local services to minimize the risk of exploitation.

Fix

SSRF

Weakness Enumeration

Related Identifiers

CVE-2021-22958
GHSA-284F-F2HW-J2GX

Affected Products

Concrete5