SSRF Vulnerability in Quivr Allowing Access to Internal Networks
CVE-2024-4851
What is CVE-2024-4851?
The vulnerability in the Stangirard Quivr application arises from the inadequate validation of the 'url' parameter within the crawl endpoint. This flaw allows an attacker to manipulate this parameter to make HTTP requests to arbitrary URLs. Such SSRF attacks can lead to unauthorized interactions with internal services that are otherwise restricted, exposing sensitive data and resources to exploitation. The affected code is located in the backend/routes/crawl_routes.py file, specifically in the crawl_endpoint function. Proper validation of input parameters is crucial for mitigating such risks.
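One way to validate a crawl target before the server fetches it, shown as an added example; it is not Quivr's code or its actual fix. The names validate_crawl_url, is_public and UnsafeURL are hypothetical, and the resolver is injectable so the check can be exercised offline.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}


class UnsafeURL(ValueError):
    """Raised when a crawl target must not be fetched (hypothetical name)."""


def system_resolver(host, port):
    """Resolve host to the set of IP strings the OS would connect to."""
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    return {info[4][0] for info in infos}


def is_public(ip_text):
    """True only for globally routable unicast addresses."""
    ip = ipaddress.ip_address(ip_text.split("%")[0])  # drop IPv6 zone id
    if ip.version == 6 and ip.ipv4_mapped:  # e.g. ::ffff:10.0.0.1
        ip = ip.ipv4_mapped
    return ip.is_global and not ip.is_multicast


def validate_crawl_url(url, resolver=system_resolver):
    """Return (hostname, port, vetted_ips) or raise UnsafeURL.

    The caller should connect to one of vetted_ips instead of resolving the
    name again, and should run every redirect target through this check.
    """
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        raise UnsafeURL(f"scheme not allowed: {parts.scheme!r}")
    if parts.username or parts.password:
        raise UnsafeURL("credentials in URL are not allowed")
    host = parts.hostname
    if not host:
        raise UnsafeURL("URL has no host")
    try:
        port = parts.port or (443 if scheme == "https" else 80)
        ips = resolver(host, port)
    except (ValueError, OSError) as exc:
        raise UnsafeURL(f"cannot resolve {host!r}: {exc}") from exc
    blocked = sorted(ip for ip in ips if not is_public(ip))
    if not ips or blocked:
        raise UnsafeURL(f"{host!r} resolves to non-public address(es): {blocked}")
    return host, port, sorted(ips)
```

A hostname is rejected if any of its addresses is non-public, which covers names that return a mix of public and internal records.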

Affected Version(s)
stangirard/quivr <= unspecified
