CVE-2024-1021 MEDIUM

CVE-2024-1021: Rebuild HTTP Request readRawText server-side request forgery

Vendor N/A

Product Rebuild

Weakness CWE-918 · SSRF

Published January 29, 2024

Last update June 6, 2025

View on NVD All CVEs

CVSS base score

6.3/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

A vulnerability, which was classified as critical, has been found in Rebuild up to 3.5.5. Affected by this issue is the function readRawText of the component HTTP Request Handler. The manipulation of the argument url leads to server-side request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252290 is the identifier assigned to this vulnerability.

Key dates

02Disclosure timeline

January 29, 2024 CVE published

June 6, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-1021 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/918.html

Related vulnerabilities

Identifiers

CVE CVE-2024-1021

CWE CWE-918

CVSS 6.3 / MEDIUM

Affected versions

Vendor N/A

Product Rebuild

Affected 3.5.0

Vendor N/A

Product Rebuild

Affected 3.5.1

Vendor N/A

Product Rebuild

Affected 3.5.2

Vendor N/A

Product Rebuild

Affected 3.5.3

Vendor N/A

Product Rebuild

Affected 3.5.4

Vendor N/A

Product Rebuild

Affected 3.5.5

CVE-2024-1021: Rebuild HTTP Request readRawText server-side request forgery

01Description

02Disclosure timeline

03References

04Related CVE