CVE-2023-22817
Published 2024-02-05
CVE-2023-22817: Server-side request forgery (SSRF) vulnerability that could allow a rogue server on the local network to modify its URL using another DNS address to point back…
Priority: P4 · 26 · medium · 5.5 (CVSS 3.1)
AV:L / AC:L / PR:L / UI:N / S:U / C:N / I:H / A:N
EPSS: 0.24% (15.1th percentile)
Server-side request forgery (SSRF) vulnerability that could allow a rogue server on the local network to modify its URL using another DNS address to point back to the loopback adapter. This could then allow the URL to exploit other vulnerabilities on the local server. This was addressed by fixing DNS addresses that refer to loopback. This issue affects My Cloud OS 5 devices before 5.27.161, My Cloud Home, My Cloud Home Duo and SanDisk ibi devices before 9.5.1-104.
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| python | pillow | >= 0 < 10.2.0 | 10.2.0 |
| sandisk | ibi | < 9.5.1-104 | 9.5.1-104 |
| western_digital | my_cloud_home_duo | < 9.5.1-104 | 9.5.1-104 |
| western_digital | my_cloud_os_5 | < 5.27.161 | 5.27.161 |
| westerndigital | my_cloud_dl2100_firmware | < 5.27.161 | 5.27.161 |
| westerndigital | my_cloud_dl4100_firmware | < 5.27.161 | 5.27.161 |
| westerndigital | my_cloud_ex2100_firmware | < 5.27.161 | 5.27.161 |
| westerndigital | my_cloud_ex2_ultra_firmware | < 5.27.161 | 5.27.161 |
| westerndigital | my_cloud_ex4100_firmware | < 5.27.161 | 5.27.161 |
| westerndigital | my_cloud_glacier_firmware | < 5.27.161 | 5.27.161 |
| westerndigital | my_cloud_home_duo_firmware | < 9.5.1-104 | 9.5.1-104 |
| westerndigital | my_cloud_home_firmware | < 9.5.1-104 | 9.5.1-104 |
| westerndigital | my_cloud_mirror_g2_firmware | < 5.27.161 | 5.27.161 |
| westerndigital | my_cloud_pr2100_firmware | < 5.27.161 | 5.27.161 |
| westerndigital | my_cloud_pr4100_firmware | < 5.27.161 | 5.27.161 |
| westerndigital | sandisk_ibi_firmware | < 9.5.1-104 | 9.5.1-104 |
| westerndigital | wd_cloud_firmware | < 5.27.161 | 5.27.161 |
CVSS provenance
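| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |
| ghsa | | 9.8 | CRITICAL | |
| vendor_redhat | | 9.8 | CRITICAL | |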
GHSA
GHSA-ff78-2q7q-3gpw: Server-side request forgery (SSRF) vulnerability that could allow a rogue server on the local network to modify its URL using another DNS address to p
ghsa_unreviewed·2024-02-06
CVE-2023-22817 [MEDIUM] CWE-918 GHSA-ff78-2q7q-3gpw: Server-side request forgery (SSRF) vulnerability that could allow a rogue server on the local network to modify its URL using another DNS address to p
GHSA
Arbitrary Code Execution in Pillow
ghsa·2024-01-19·CVSS 9.8
CVE-2023-50447 [CRITICAL] CWE-94 Arbitrary Code Execution in Pillow
Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter).
Red Hat
pillow: Arbitrary Code Execution via the environment parameter
vendor_redhat·2024-01-19·CVSS 9.8
CVE-2023-50447 [CRITICAL] CWE-77 pillow: Arbitrary Code Execution via the environment parameter
Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter).
A vulnerability was found in Pillow, a popular Python imaging library. The flaw identified in the PIL.ImageMath.eval function enables arbitrary code execution by manipulating the environment parameter.
Statement: The vulnerability in Pillow's PIL.ImageMath.eval function poses a significant threat due to its potential for arbitrary code execution. Pillow's widespread use in diverse domains makes this flaw particularly impactful, as it could lead to unauthorized access, data breaches, and compromise of entire systems. The complex exploi