What the vulnerability does
01Description
Server-Side Request Forgery (SSRF) vulnerability in Drupal Drupal Canvas allows Server Side Request Forgery.This issue affects Drupal Canvas: from 0.0.0 before 1.1.1.
CVSS base score
What the vulnerability does
Server-Side Request Forgery (SSRF) vulnerability in Drupal Drupal Canvas allows Server Side Request Forgery.This issue affects Drupal Canvas: from 0.0.0 before 1.1.1.
Explanation of Vulnerability in Simple Terms
The Drupal Canvas module contains a server-side request forgery (SSRF) vulnerability that allows an attacker to make the site send HTTP requests to internal or external systems on the attacker's behalf. The vulnerability affects all versions before 1.1.1. Site administrators should update immediately to patch the flaw.
What an attacker can do
Make the site send HTTP requests to internal systems or external URLs under the attacker's control.
Potential impact on your site
Attackers could access internal services, exfiltrate data, or pivot to other systems on your network.
Conditions required to exploit
Network access to the site; specific attack vector details unavailable due to incomplete CVSS data.
Key dates
External resources
Related vulnerabilities