CVE-2024-1063

Appwrite <= v1.4.13 is affected by a Server-Side Request Forgery (SSRF) via the '/v1/avatars/favicon' endpoint due to an incomplete fix of CVE-2023-27159.

Published: Jan 30, 2024
Updated: Feb 6, 2024
CVE: CVE-2024-1063
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWEs:

CWE-918

Affected Software
References

Software	From	Fixed in
appwrite / appwrite	-	1.4.13.x

https://www.tenable.com/security/research/tra-2024-03

Vulnerability Database

290,020

CVE-2024-1063