CVE-2019-9187
HIGHikiwiki < 3.20170111.1, 3.2018x, < 3.20190228 - Server-Side Request Forgery via Aggregate Plugin
Title source: llmDescription
ikiwiki before 3.20170111.1 and 3.2018x and 3.2019x before 3.20190228 allows SSRF via the aggregate plugin. The impact also includes reading local files via file: URIs.
References (3)
Core 3
Core References
Mailing List mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2019/03/msg00018.html
Vendor Advisory x_refsource_misc
https://ikiwiki.info/news/
Various Sources x_refsource_confirm
https://ikiwiki.info/news/version_3.20190228/
Scores
CVSS v3
7.5
EPSS
0.0170
EPSS Percentile
74.3%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-918
Status
published
Products (4)
ikiwiki/ikiwiki
3.20180105
ikiwiki/ikiwiki
3.20180228
ikiwiki/ikiwiki
3.20180311
ikiwiki/ikiwiki
< 3.20170111.1
Published
Jun 05, 2019
Tracked Since
Feb 18, 2026