CVE-2021-31216
HIGHSiren Investigate < 11.1.1 - Server-Side Request Forgery via Image Proxy Route
Title source: llmDescription
Siren Investigate before 11.1.1 contains a server side request forgery (SSRF) defect in the built-in image proxy route (which is enabled by default). An attacker with access to the Investigate installation can specify an arbitrary URL in the parameters of the image proxy route and fetch external URLs as the Investigate process on the host.
References (2)
Core 2
Core References
Release Notes, Vendor Advisory x_refsource_misc
https://community.siren.io/c/announcements
Patch, Release Notes, Vendor Advisory x_refsource_confirm
https://docs.siren.io/siren-platform-user-guide/11.1/release-notes.html
Scores
CVSS v3
8.1
EPSS
0.0072
EPSS Percentile
49.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Details
CWE
CWE-918
Status
published
Products (1)
siren/investigate
< 11.1.1
Published
Jul 19, 2021
Tracked Since
Feb 18, 2026