CVE-2024-1021

MEDIUM EXPLOITED NUCLEI

Ruifang-tech Rebuild < 3.5.5 - SSRF

Title source: rule

Description

A vulnerability, which was classified as critical, has been found in Rebuild up to 3.5.5. Affected by this issue is the function readRawText of the component HTTP Request Handler. The manipulation of the argument url leads to server-side request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252290 is the identifier assigned to this vulnerability.

Nuclei Templates (1)

Rebuild <= 3.5.5 - Server-Side Request Forgery

CRITICALVERIFIEDby BMCel

Shodan: http.favicon.hash:"871154672"

FOFA: icon_hash="871154672"

References (3)

[Permissions Required, Third Party Advisory] https://vuldb.com/?ctiid.252290

[Third Party Advisory] https://vuldb.com/?id.252290

[Exploit, Third Party Advisory] https://www.yuque.com/mailemonyeyongjuan/tha8tr/yemvnt5uo53gfem5

Scores

CVSS v3 6.3

EPSS 0.9290

EPSS Percentile 99.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Details

VulnCheck KEV 2024-04-04

CWE

CWE-918

Status published

Products (1)

ruifang-tech/rebuild < 3.5.5

Published Jan 29, 2024

Tracked Since Feb 18, 2026