CVE-2021-32639

CVE-2021-32639

Emissary is a P2P-based, data-driven workflow engine. Emissary version 6.4.0 is vulnerable to Server-Side Request Forgery (SSRF). In particular, the `RegisterPeerAction` endpoint and the `AddChildDirectoryAction` endpoint are vulnerable to SSRF. This vulnerability may lead to credential leaks. Emissary version 7.0 contains a patch. As a workaround, disable network access to Emissary from untrusted sources.

Source: CVE-2021-32639

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다