CVE-2022-1379
CRITICAL: PlantUML < 1.2022.5 - Server-Side Request Forgery via URL Restriction Bypass
Title source: llmDescription
URL restriction bypass in GitHub repository plantuml/plantuml prior to V1.2022.5. An attacker can abuse this to bypass the URL restrictions imposed by the different security profiles and achieve server-side request forgery (SSRF). This allows accessing restricted internal resources/servers or sending requests to third-party servers.
References (4)
Core References
Exploit, Patch, Third Party Advisory (x_refsource_confirm): https://huntr.dev/bounties/0d737527-86e1-41d1-9d37-b2de36bc063a
Patch, Third Party Advisory (x_refsource_misc): https://github.com/plantuml/plantuml/commit/93e5964e5f35914f3f7b89de620c596795550083
Mailing List, Third Party Advisory, vendor-advisory (x_refsource_fedora): https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHUE4G5CAJUD7L2QPJF6U4JYQTP7CNNL/
Mailing List, Third Party Advisory, vendor-advisory (x_refsource_fedora): https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J4DP36G2VBOZUNQIUZ5LVJKZIVO4SDAI/
Scores
CVSS v3: 9.1
EPSS: 0.0028
EPSS Percentile: 51.4%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Details
CWE: CWE-918
Status: published
Products (3)
fedoraproject/fedora 35
fedoraproject/fedora 36
plantuml/plantuml < 1.2022.5
Published: May 14, 2022
Tracked Since: Feb 18, 2026