CVE-2024-1021: Rebuild HTTP Request readRawText server-side request forgery
Description
A vulnerability, which was classified as critical, has been found in Rebuild up to 3.5.5. Affected by this issue is the function readRawText of the component HTTP Request Handler. The manipulation of the argument url leads to server-side request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252290 is the identifier assigned to this vulnerability. Eine kritische Schwachstelle wurde in Rebuild bis 3.5.5 entdeckt. Davon betroffen ist die Funktion readRawText der Komponente HTTP Request Handler. Mittels dem Manipulieren des Arguments url mit unbekannten Daten kann eine server-side request forgery-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.
Classification
CVE ID: CVE-2024-1021
CVSS Base Severity: MEDIUM
CVSS Base Score: 6.3
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Problem Types
CWE-918 Server-Side Request ForgeryAffected Products
Vendor: n/a
Product: Rebuild
Nuclei Template
http/cves/2024/CVE-2024-1021.yaml
Exploit Prediction Scoring System (EPSS)
EPSS Score: 93.14% (probability of being exploited)
EPSS Percentile: 99.78% (scored less or equal to compared to others)
EPSS Date: 2025-06-27 (when was this score calculated)
Stakeholder-Specific Vulnerability Categorization (SSVC)
SSVC Exploitation: none
SSVC Technical Impact: partial
SSVC Automatable: false
References
https://nvd.nist.gov/vuln/detail/CVE-2024-1021https://vuldb.com/?id.252290
https://vuldb.com/?ctiid.252290
https://www.yuque.com/mailemonyeyongjuan/tha8tr/yemvnt5uo53gfem5