{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-14T14:30:45.770","vulnerabilities":[{"cve":{"id":"CVE-2024-31979","sourceIdentifier":"security@apache.org","published":"2024-07-17T09:15:02.907","lastModified":"2024-11-21T09:14:16.167","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Server-Side Request Forgery (SSRF) vulnerability in Apache StreamPipes during installation process of pipeline elements.\nPreviously, StreamPipes allowed users to configure custom endpoints from which to install additional pipeline elements. \nThese endpoints were not properly validated, allowing an attacker to get StreamPipes to send an HTTP GET request to an arbitrary address.\nThis issue affects Apache StreamPipes: through 0.93.0.\n\nUsers are recommended to upgrade to version 0.95.0, which fixes the issue.\n\n"},{"lang":"es","value":"Vulnerabilidad de Server-Side Request Forgery (SSRF) en Apache StreamPipes durante el proceso de instalación de elementos de canalización. Anteriormente, StreamPipes permitía a los usuarios configurar endpoints personalizados desde los cuales instalar elementos de canalización adicionales. Estos endpoints no se validaron adecuadamente, lo que permitió que un atacante lograra que StreamPipes enviara una solicitud HTTP GET a una dirección arbitraria. Este problema afecta a Apache StreamPipes: hasta 0.93.0. Se recomienda a los usuarios actualizar a la versión 0.95.0, que soluciona el problema."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:streampipes:*:*:*:*:*:*:*:*","versionEndExcluding":"0.95.0","matchCriteriaId":"B5EC9EC8-4988-4DAC-A92F-CCDED7F9CB52"}]}]}],"references":[{"url":"https://lists.apache.org/thread/8lryp3bxnby9kmk13odkz2jbfdjfvf0y","source":"security@apache.org","tags":["Mailing List","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2024/07/16/11","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread/8lryp3bxnby9kmk13odkz2jbfdjfvf0y","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Vendor Advisory"]}]}}]}