CVE-2021-32639

CRITICAL Year: 2021
CVSS v3 Score: 9.9 (Critical)
CVSS v2 Score: 6.5 (Medium)

Vulnerability Description

Emissary is a P2P-based, data-driven workflow engine. Emissary version 6.4.0 is vulnerable to Server-Side Request Forgery (SSRF). In particular, the `RegisterPeerAction` endpoint and the `AddChildDirectoryAction` endpoint are vulnerable to SSRF. This vulnerability may lead to credential leaks. Emissary version 7.0 contains a patch. As a workaround, disable network access to Emissary from untrusted sources.

CVSS:9.9(Critical)

OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: SSRF.

CVSS:9.9(Critical)

IBM API Connect v2018.1.0 through v2018.3.4 could allow an attacker to send a specially crafted request to conduct a server side request forgery attack. IBM X-Force ID: 148939.

CVSS:9.9(Critical)

A Server-Side Request Forgery (SSRF) vulnerability has been detected in the SAP NetWeaver Development Infrastructure Component Build Service versions 7.11, 7.20, 7.30, 7.31, 7.40, 7.50. The SAP NetWeave...

CVSS:9.9(Critical)

The inclusion of the web scraper for AnythingLLM means that any user with the proper authorization level (manager, admin, and when in single user) could put in the URL http://169.254.169.254/lates...

CVSS:9.9(Critical)

Server-Side Request Forgery vulnerabilities were found providing a potential for access to unauthorized resources and unintended information disclosure. Affected products: ABB ASPECT - Enterprise v3.0...

CVSS:9.9(Critical)

Server-Side Request Forgery (SSRF) in Azure allows an authorized attacker to perform spoofing over a network.