|
|
|||
| Rule General Information |
|---|
| Release Date: | 2025-01-22 | |
| Rule Name: | kkFileView 4.1.0 Server-Side Request Forgery Vulnerability (CVE-2022-43140) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | Keking kkFileView is a Spring Bot project developed by China's Keking Technology Co., Ltd. to create online preview files and documents. KkFileView v4.1.0 version has a security vulnerability, which originates from the component cn. keking. web. controller OnlinePreviewController # getCorsFile contains server-side request forgery (SSRF), which allows attackers to force applications to make arbitrary requests by injecting crafted URLs into URL parameters. | |
| Impact: | An attacker could exploit this vulnerability to have unspecified effect. | |
| Affected OS: | Windows, Linux, Others | |
| Reference: | ||
| Solutions |
|---|
| Please contact the software vendor to update the software patch. |