CVE-2024-13195

Name of the Vulnerable Software and Affected Versions donglight bookstore versions 1.0.0

Description A critical issue affects the getHtml function of the file src/main/java/org/zdd/bookstore/rawl/HttpUtil.java. The manipulation of the url argument leads to server-side request forgery, allowing remote attack initiation. The exploit has been publicly disclosed and may be used.

Recommendations For version 1.0.0, consider disabling the getHtml function until a patch is available to prevent server-side request forgery. Restrict access to the HttpUtil.java file to minimize the risk of exploitation. Avoid using the url argument in the affected function until the issue is resolved.