SB2024081715 - Server-Side Request Forgery (SSRF) in TruffleHog




Published: August 17, 2024
Updated: April 24, 2026

Security Bulletin ID: SB2024081715
CSH Severity: Low
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Remote access
Highest impact: Data manipulation

Breakdown by Severity

Low: 100%

Description

This security bulletin contains information about 1 security vulnerability.


1) Server-Side Request Forgery (SSRF) (CVE-ID: CVE-2024-43379)

The vulnerability allows a remote attacker to trigger unauthorized requests to attacker-chosen endpoints.

The vulnerability exists due to server-side request forgery in some detectors when scanning maliciously crafted data. A remote attacker can craft data that causes the detector to send a request to an attacker-chosen endpoint.

User interaction is required because the victim must scan the crafted data. Exploitation is effective only if the targeted endpoint is an unauthenticated GET endpoint that produces side effects.
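
The following Python example is added here for illustration; it is not TruffleHog's code and not the vendor's fix. It shows one way a secret detector can decide, before sending anything, whether an endpoint taken from scanned data may be contacted for verification. The `token=... endpoint=...` finding format, the host allowlist, the injectable resolver and all sample hosts and addresses are assumptions constructed for the example.

```python
import ipaddress
import re
import socket
from urllib.parse import urlsplit

# Hypothetical finding format: a credential next to the endpoint it claims to belong to.
CANDIDATE = re.compile(r"token=(\w+)\s+endpoint=(\S+)")

# Constructed sample of scanned data; hosts and addresses are illustrative.
SAMPLE = """\
token=abc123 endpoint=https://api.example.com/v1/me
token=def456 endpoint=http://10.0.0.5:8080/jobs/purge
token=ghi789 endpoint=https://internal.example.com/admin/restart
"""


def resolve(host):
    """Default resolver: every address the name currently maps to."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def endpoint_is_safe(url, allowed_hosts, resolver=resolve):
    """True only if an endpoint taken from scanned data may be contacted."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        if parts.scheme != "https" or host not in allowed_hosts:
            return False
        # An allowlisted name must still resolve only to public addresses.
        addrs = resolver(host)
        return bool(addrs) and all(ipaddress.ip_address(a).is_global for a in addrs)
    except (OSError, ValueError):
        return False


def plan_verification(scanned_text, allowed_hosts, resolver=resolve):
    """Split findings into (verify, report_unverified) without sending anything."""
    verify, skip = [], []
    for token, url in CANDIDATE.findall(scanned_text):
        ok = endpoint_is_safe(url, allowed_hosts, resolver)
        (verify if ok else skip).append((token, url))
    return verify, skip
```

The check only decides whether to send. The HTTP client that follows should connect to the address that was checked and refuse redirects, since the name can resolve differently on a second lookup.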


Remediation

Install the update from the vendor's website.