Description
A server-side request forgery (SSRF) was discovered in the Akana API Platform in versions prior to and including 2022.1.3. Reported by Jakob Antonsson.
References (1)
Core 1
Core References
Various Sources
https://portal.perforce.com/s/detail/a91PA000001STuXYAW
Scores
CVSS v3
9.3
EPSS
0.0044
EPSS Percentile
35.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-918
Status
published
Products (4)
Akana/Akana API Platform
0.0.0 - 2022.1.3.2
Akana/Akana API Platform
0.0.0 - 2024.1.0
Akana/Akana API Platform
2022.1.1 - 2022.1.1 (CVE-2024-2796 Patch)
Akana/Akana API Platform
2022.1.2 - 2022.1.2 (CVE-2024-2796 Patch)
Published
Apr 18, 2024
Tracked Since
Feb 18, 2026