Server-Side Request Forgery Vulnerability in Donglight Bookstore Products
CVE-2024-13195
Currently unrated
What is CVE-2024-13195?
A vulnerability exists in Donglight Bookstore version 1.0.0 that affects the getHtml function in the HttpUtil.java file. By manipulating the url parameter, an attacker can potentially carry out server-side request forgery (SSRF), in which the server is made to issue requests to a destination the attacker chooses. The attack can be conducted remotely. Details of this vulnerability have been made public, underscoring the need for immediate corrective measures.