github.com/vmware/harbor is vulnerable to server side request forgery (SSRF) attacks. A malicious user can pass a malicious request to the application to the ping()
function in the /src/ui/api/target.go
file, leading to information disclosure or arbitrary command execution.
CPE | Name | Operator | Version |
---|---|---|---|
github.com/vmware/harbor | eq | HEAD | |
github.com/vmware/harbor | le | 1.3.0 |