Lucene search
GoogleOSV:CVE-2022-31132HistoryAug 04, 2022 - 5:15 p.m.
CVE-2022-31132
2022-08-0417:15:08
Google
osv.dev
5
nextcloud mail
css minifier
ssrf
server-side request forgery
vendor cerdic
upgrade
manual deletion
Nextcloud Mail is an email application for the nextcloud personal cloud product. Affected versions shipped with a CSS minifier on the path ./vendor/cerdic/css-tidy/css_optimiser.php. Access to the minifier is unrestricted and access may lead to Server-Side Request Forgery (SSRF). It is recommendet to upgrade to Mail 1.12.7 or Mail 1.13.6. Users unable to upgrade may manually delete the file located at ./vendor/cerdic/css-tidy/css_optimiser.php
Related
prion
prion
Server side request forgery (ssrf)
2022-08-04 17:15:00
nextcloud
nextcloud
Unauthenticated SSRF in 3rd party module "cerdic/csstidy"
2022-08-04 06:29:01
cvelist
cvelist
CVE-2022-31132 Unauthenticated SSRF in 3rd party module "cerdic/csstidy"
2022-08-04 17:10:10
nvd
nvd
CVE-2022-31132
2022-08-04 17:15:08
hackerone
hackerone
Nextcloud: Unauthenticated SSRF in 3rd party module "cerdic/csstidy"
2022-06-08 14:50:19
cve
cve
CVE-2022-31132
2022-08-04 17:15:08