CVE-2024-1021
MEDIUM | EXPLOITED | NUCLEI
Rebuild < 3.5.5 - Server-Side Request Forgery via HTTP Request Handler readRawText Function
Title source: llm
Exploitation Summary
CVE-2024-1021 has been observed exploited in the wild (reported by VulnCheck KEV). A Nuclei detection template is also available.
Description
A vulnerability, which was classified as critical, has been found in Rebuild up to 3.5.5. Affected by this issue is the function readRawText of the component HTTP Request Handler. The manipulation of the argument url leads to server-side request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252290 is the identifier assigned to this vulnerability.
Nuclei Templates (1)
Rebuild <= 3.5.5 - Server-Side Request Forgery
CRITICAL | VERIFIED | by BMCel
Shodan:
http.favicon.hash:"871154672"
FOFA:
icon_hash="871154672"
References (3)
Core References
Third Party Advisory vdb-entry
technical-description
https://vuldb.com/?id.252290
Permissions Required, Third Party Advisory signature
permissions-required
https://vuldb.com/?ctiid.252290
Exploit, Third Party Advisory exploit
https://www.yuque.com/mailemonyeyongjuan/tha8tr/yemvnt5uo53gfem5
Scores
CVSS v3: 6.3
EPSS: 0.3496
EPSS Percentile: 98.2%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: partial
Details
VulnCheck KEV: 2024-04-04
CWE: CWE-918
Status: published
Products (1)
ruifang-tech/rebuild: < 3.5.5
Published: Jan 29, 2024
Tracked Since: Feb 18, 2026