A flaw was found in ... CVE-2024-1233

Published: 2024-04-09
Revised: 2024-04-09

A flaw was found in `JwtValidator.resolvePublicKey` in JBoss EAP, where the validator checks the `jku` value and sends an HTTP request to it. During this process, no whitelisting or other filtering is performed on the destination URL, which may result in a server-side request forgery (SSRF) vulnerability.

0%
No exploit or PoC is currently available.
There are currently 0 affected product entries.