CVE-2021-27670
Published 2021-02-25
CVE-2021-27670: Appspace 6.2.4 allows SSRF via the api/v1/core/proxy/jsonprequest url parameter.
Priority: P1 84 · Severity: critical 9.8 (CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
Flags: ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 61.27% (99.0th percentile)
Appspace 6.2.4 allows SSRF via the api/v1/core/proxy/jsonprequest url parameter.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| appspace | appspace | — | — |
Detection & IOCs (extracted from sources)
- url: /api/v1/core/proxy/jsonprequest?objresponse=false&websiteproxy=true&escapestring=false&url=http://oast.live
- Send a GET request to /api/v1/core/proxy/jsonprequest with the `url` parameter pointing to an out-of-band interaction server; a 200 response with a body containing ' Interactsh Server ' confirms SSRF exploitation.
- Shodan/FOFA/Google dork for exposed Appspace instances: search for title 'Appspace' or 'appspace' to identify attack surface.
- The SSRF endpoint requires no authentication (PR:N, UI:N), meaning it is exploitable by unauthenticated remote attackers against any exposed Appspace 6.2.4 instance.
- The vulnerable parameter is `url` within the `jsonprequest` proxy endpoint; the additional query parameters `objresponse=false`, `websiteproxy=true`, and `escapestring=false` are used in the known PoC request.
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | 2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| vulncheck | — | 9.8 | CRITICAL | — |
GHSA
GHSA-3qwh-w55v-784g: Appspace 6 (CVE-2021-27670, CRITICAL, CWE-918)
ghsa_unreviewed · 2022-05-24
Appspace 6.2.4 allows SSRF via the api/v1/core/proxy/jsonprequest url parameter.
VulnCheck
appspace appspace Server-Side Request Forgery (SSRF) (CVE-2021-27670, CRITICAL)
vulncheck · 2021 · CVSS 9.8
Appspace 6.2.4 allows SSRF via the api/v1/core/proxy/jsonprequest url parameter.
Affected: appspace appspace
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2026-01-21&host_type=src&vulnerability=cve-2021-27670; https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2026-01-22&host_type=src&vulnerability=cve-2021-27670; https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2026-01-23&host_type=src&vulnerability=cve-2021-27670; https://dashboard.shadowserver.org/statistics/honeypot
No detection rules found.
Nuclei
Appspace 6.2.4 - Server-Side Request Forgery (CVE-2021-27670, CRITICAL)
nuclei · CVSS 9.8
Appspace 6.2.4 allows SSRF via the api/v1/core/proxy/jsonprequest url parameter.
Template:

```yaml
id: CVE-2021-27670
info:
  name: Appspace 6.2.4 - Server-Side Request Forgery
  author: ritikchaddha
  severity: critical
  description: Appspace 6.2.4 allows SSRF via the api/v1/core/proxy/jsonprequest url parameter.
  impact: |
    Successful exploitation of this vulnerability can lead to unauthorized access to internal resources, data leakage, and potential remote code execution.
  remediation: |
    Upgrade to a patched version of Appspace 6.2.4 or apply the necessary security patches provided by the vendor.
  reference:
    - https://github.com/h3110mb/PoCSSrfApp
    - https://nvd.nist.gov/vuln/detail/CVE-2021-27670
    - https://github.com/ArrestX/--POC
    - https://github.com/KayCH
```