CVE-2021-22255
HIGHbaserow 0.6.0-1.1.0 - Authenticated Server-Side Request Forgery via URL File Upload
Title source: llmDescription
SSRF in URL file upload in Baserow <1.1.0 allows remote authenticated users to retrieve files from the internal server network exposed over HTTP by inserting an internal address.
References (3)
Core 3
Core References
Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://gitlab.com/bramw/baserow/-/issues/370
Release Notes, Vendor Advisory x_refsource_misc
https://baserow.io/blog/march-2021-release-of-baserow
Third Party Advisory x_refsource_confirm
https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22255.json
Scores
CVSS v3
7.7
EPSS
0.0022
EPSS Percentile
43.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Details
CWE
CWE-918
Status
published
Products (1)
baserow/baserow
0.6.0 - 1.1.0
Published
Aug 20, 2021
Tracked Since
Feb 18, 2026