CVE-2021-3742 – Chatwoot SSRF Avatar PNG

CVE ID : CVE-2021-3742

Published : Nov. 15, 2024, 11:15 a.m. | 1 hour, 11 minutes ago

Description : A Server-Side Request Forgery (SSRF) vulnerability was discovered in chatwoot/chatwoot, affecting all versions prior to 2.5.0. The vulnerability allows an attacker to upload an SVG file containing a malicious SSRF payload. When the SVG file is used as an avatar and opened in a new tab, it can trigger the SSRF, potentially leading to host redirection.

Severity: 7.9 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…CVE ID : CVE-2021-3742

Published : Nov. 15, 2024, 11:15 a.m. | 1 hour, 11 minutes ago

Description : A Server-Side Request Forgery (SSRF) vulnerability was discovered in chatwoot/chatwoot, affecting all versions prior to 2.5.0. The vulnerability allows an attacker to upload an SVG file containing a malicious SSRF payload. When the SVG file is used as an avatar and opened in a new tab, it can trigger the SSRF, potentially leading to host redirection.

Severity: 7.9 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…