CVE-2024-0601

MEDIUM

ZhongFuCheng3y Austin 1.0 - SSRF

Title source: llm

Description

A vulnerability was found in ZhongFuCheng3y Austin 1.0. It has been rated as critical. Affected by this issue is the function getRemoteUrl2File of the file src\main\java\com\java3y\austin\support\utils\AustinFileUtils.java of the component Email Message Template Handler. The manipulation leads to server-side request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-250838 is the identifier assigned to this vulnerability.

References (3)

Core 3

Core References

Third Party Advisory vdb-entry technical-description

https://vuldb.com/?id.250838

Third Party Advisory signature permissions-required

https://vuldb.com/?ctiid.250838

Exploit exploit

https://github.com/biantaibao/Austin_SSRF/blob/main/SSRF.md

View Exploit ZIP pw:eip

Scores

CVSS v3 6.3

EPSS 0.0014

EPSS Percentile 33.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-918

Status published

Products (1)

zhongfucheng3y/austin 1.0

Published Jan 16, 2024

Tracked Since Feb 18, 2026