PT-2024-37222 · Quivr · Quivr

Published: 2024-06-27 · Updated: 2024-08-20 · CVE-2024-5885

CVSS v3.1: 8.6 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: stangirard/quivr version 0.0.236
Description: The application's website-crawling feature fetches a user-supplied URL server-side without adequately restricting where that request may go, which is a Server-Side Request Forgery (SSRF) vulnerability. The CVSS vector indicates that no privileges or user interaction are required, so an attacker can make the Quivr server issue requests to hosts on its local network, potentially reaching internal servers and the AWS instance metadata endpoint, and capturing Supabase data. The impact is to confidentiality only (C:H/I:N/A:N) and extends beyond the vulnerable component itself (S:C).
Recommendations: For version 0.0.236, restrict access to the crawling functionality until a patch is available. As a temporary workaround, limit the application's network reach so that it cannot contact internal servers or sensitive endpoints such as the AWS metadata endpoint (for example with egress filtering on the host running Quivr), and do not let untrusted users submit URLs for crawling. At the time of writing there is no information about a newer version that contains a fix for this vulnerability.
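The following is an added example of the control the description says is missing: a destination check that a crawler should apply to a user-supplied URL before fetching it. It is hypothetical code written for this page, not Quivr's own code or its fix; the function names (`validate_crawl_target`, `is_blocked_ip`), the blocked-range list and the constructed `FAKE_DNS` table are all assumptions. The resolved addresses are checked (all of them, not only the first), IPv4-mapped IPv6 and integer-form hosts are normalised first, and the link-local range that contains the metadata endpoint 169.254.169.254 is rejected.

```python
import ipaddress
import socket
from typing import Callable, Iterable
from urllib.parse import urlparse

# Hypothetical SSRF guard for a URL-crawling feature. Added example, not Quivr's code.

ALLOWED_SCHEMES = {"http", "https"}

# Ranges an Internet-facing crawler should never contact. 169.254.0.0/16 covers
# the cloud instance metadata endpoint 169.254.169.254.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
    "::/128", "::1/128", "fc00::/7", "fe80::/10", "ff00::/8",
)]

Resolver = Callable[[str], Iterable[str]]


class UnsafeUrl(ValueError):
    """Raised when a crawl target must not be fetched."""


def default_resolver(host: str) -> list[str]:
    """Return every address a hostname resolves to; all of them are checked."""
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def is_blocked_ip(ip_text: str) -> bool:
    """True if the address is loopback, private, link-local, multicast or reserved."""
    ip = ipaddress.ip_address(ip_text)
    # Judge an IPv4-mapped IPv6 address (::ffff:127.0.0.1) by its IPv4 form.
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    if (ip.is_loopback or ip.is_link_local or ip.is_multicast
            or ip.is_unspecified or ip.is_reserved or ip.is_private):
        return True
    return any(ip in net for net in BLOCKED_NETWORKS)


def validate_crawl_target(url: str, resolver: Resolver = default_resolver) -> str:
    """Validate a user-supplied crawl URL and return the address to connect to.

    Raises UnsafeUrl for disallowed schemes, embedded credentials, missing hosts,
    and any target whose literal or resolved addresses fall in a blocked range.
    """
    parsed = urlparse(url)
    if parsed.scheme.lower() not in ALLOWED_SCHEMES:
        raise UnsafeUrl(f"scheme not allowed: {parsed.scheme!r}")
    if parsed.username is not None or parsed.password is not None:
        raise UnsafeUrl("credentials in the URL are not allowed")
    host = parsed.hostname
    if not host:
        raise UnsafeUrl("URL has no host")

    try:
        # Literal IPv4/IPv6 host (urlparse already strips IPv6 brackets).
        addresses = [str(ipaddress.ip_address(host))]
    except ValueError:
        if host.isdigit():
            # Integer form such as http://2130706433/ is 127.0.0.1 to libc's resolver.
            try:
                addresses = [str(ipaddress.ip_address(int(host)))]
            except ValueError as exc:
                raise UnsafeUrl(f"invalid numeric host {host!r}") from exc
        else:
            try:
                addresses = list(resolver(host))
            except socket.gaierror as exc:
                raise UnsafeUrl(f"cannot resolve {host!r}: {exc}") from exc
            if not addresses:
                raise UnsafeUrl(f"no addresses for {host!r}")

    for addr in addresses:
        if is_blocked_ip(addr):
            raise UnsafeUrl(f"{url!r} resolves to blocked address {addr}")
    return addresses[0]


def is_safe_crawl_target(url: str, resolver: Resolver = default_resolver) -> bool:
    try:
        validate_crawl_target(url, resolver)
        return True
    except UnsafeUrl:
        return False


# Constructed DNS table so the example runs offline; these are not real records.
FAKE_DNS = {
    "example.com": ["93.184.216.34"],
    "internal.corp": ["10.0.0.5"],
    # One public and one loopback record: rejected because every address must pass.
    "rebind.attacker.test": ["93.184.216.34", "127.0.0.1"],
}


def fake_resolver(host: str) -> list[str]:
    if host not in FAKE_DNS:
        raise socket.gaierror(f"no constructed record for {host}")
    return FAKE_DNS[host]


if __name__ == "__main__":
    for target in ("https://example.com/docs", "http://169.254.169.254/latest/meta-data/",
                   "http://[::ffff:127.0.0.1]/", "http://internal.corp/", "http://2130706433/"):
        print(f"{target:45} safe={is_safe_crawl_target(target, fake_resolver)}")
```

Two caveats apply when wiring a check like this into a real crawler. The fetch must go to the address that was validated (or be re-validated immediately before connecting), otherwise a hostname can return a public address during the check and a private one moments later (DNS rebinding). Redirects must also be followed manually and each hop re-validated, since an allowed public URL can 302 to http://169.254.169.254/ and most HTTP clients will follow it silently.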

Exploit: SSRF

Related Identifiers: CVE-2024-5885

Affected Products: Quivr