Description
A vulnerability was found in Ariadne Component Library up to 2.x. It has been classified as critical. Affected is an unknown function of the file src/url/Url.php. The manipulation leads to server-side request forgery. Upgrading to version 3.0 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217140.
References (4)
Core 4
Core References
Third Party Advisory vdb-entry
technical-description
https://vuldb.com/?id.217140
Third Party Advisory signature
permissions-required
https://vuldb.com/?ctiid.217140
Patch, Third Party Advisory patch
https://github.com/Ariadne-CMS/arc-web/commit/1feb1cc11e6c9f218408f15f53f537ea0d788656
Release Notes, Third Party Advisory patch
https://github.com/Ariadne-CMS/arc-web/releases/tag/3.0
Scores
CVSS v3
5.5
EPSS
0.0066
EPSS Percentile
47.0%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Details
CWE
CWE-918
Status
published
Products (2)
arc/web
0 - 3.0Packagist
ariadne-cms/ariadne_component_library
< 3.0
Published
Dec 31, 2022
Tracked Since
Feb 18, 2026