Server-Side Request Forgery (SSRF) in emissary:emissary
CVE-2021-32639

7.2HIGH

Key Information:

Vendor: Nationalsecurityagency
Status: Emissary
Vendor: CVE Published:; 2 July 2021

🔔 Create Nationalsecurityagency Vulnerability Alert

What is CVE-2021-32639?

Emissary is a P2P-based, data-driven workflow engine. Emissary version 6.4.0 is vulnerable to Server-Side Request Forgery (SSRF). In particular, the RegisterPeerAction endpoint and the AddChildDirectoryAction endpoint are vulnerable to SSRF. This vulnerability may lead to credential leaks. Emissary version 7.0 contains a patch. As a workaround, disable network access to Emissary from untrusted sources.