CVE-2020-8138
N/A
N/A
Summary
A missing check for IPv4 nested inside IPv6 in Nextcloud server < 17.0.1, < 16.0.7, and < 15.0.14 allowed a Server-Side Request Forgery (SSRF) vulnerability when subscribing to a malicious calendar URL.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | Nextcloud Server | Fixed in 17.0.2, 16.0.7, and 15.0.14 | affected |
Weaknesses
- CWE-918: Server-Side Request Forgery (SSRF) (CWE-918)
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.