CVE-2024-54819

Name of the Vulnerable Software and Affected Versions I, Librarian versions prior to 5.11.1

Description The issue is related to Server-Side Request Forgery (SSRF) due to improper input validation in classes/security/validation.php. This allows for bypassing protection mechanisms. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited.

Recommendations For versions prior to 5.11.1, update to a version later than 5.11.1 to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable classes/security/validation.php file until a patch is available. Avoid using the vulnerable input validation mechanism in the affected API endpoints until the issue is resolved.