CVE-2021-27670

Name of the Vulnerable Software and Affected Versions Appspace version 6.2.4

Description The issue allows for Server-Side Request Forgery (SSRF) via the url parameter in the "api/v1/core/proxy/jsonprequest" API endpoint. This means an attacker could potentially force the server to make unintended requests, potentially leading to information disclosure or other malicious activities.

Recommendations For Appspace version 6.2.4, as a temporary workaround, consider restricting access to the "api/v1/core/proxy/jsonprequest" API endpoint until a patch is available. Additionally, avoid using the url parameter in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.