CVE-2024-1021

Name of the Vulnerable Software and Affected Versions Rebuild versions up to 3.5.5

Description A critical issue has been found in the function readRawText of the component HTTP Request Handler. The manipulation of the argument url leads to server-side request forgery. The attack may be launched remotely.

Recommendations For versions up to 3.5.5, as a temporary workaround, consider disabling the readRawText function until a patch is available. Restrict access to the HTTP Request Handler component to minimize the risk of exploitation. Avoid using the url argument in the affected component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.