Note:
This project will be discontinued after December 13, 2021. [more]
2019-06-05
ikiwiki before 3.20170111.1 and 3.2018x and 3.2019x before 3.20190228 allows SSRF via the aggregate plugin. The impact also includes reading local files via file: URIs.
Products | Ikiwiki |
Type | Server-Side Request Forgery (SSRF) (CWE-918) |
First patch | - None (likely due to unavailable code) |
Links |
• https://ikiwiki.info/news/
• https://ikiwiki.info/news/version_3.20190228/ • https://lists.debian.org/debian-lts-announce/2019/03/msg00018.html |