ГлавнаяУязвимости → CVE-2025-64522
9.1критическая

CVE-2025-64522

Описание

Soft Serve is a self-hostable Git server for the command line. Versions prior to 0.11.1 have a SSRF vulnerability where webhook URLs are not validated, allowing repository administrators to create webhooks targeting internal services, private networks, and cloud metadata endpoints. Version 0.11.1 fixes the vulnerability.

Затрагиваемое ПО
Charm Soft serve
CVSS
Балл9.1 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L
Источники
https://github.com/charmbracelet/soft-serve/commit/bb73b9a0eea0d902da4811420535842a4f9aae3bhttps://github.com/charmbracelet/soft-serve/releases/tag/v0.11.1https://github.com/charmbracelet/soft-serve/security/advisories/GHSA-vwq2-jx9q-9h9fhttps://github.com/charmbracelet/soft-serve/security/advisories/GHSA-vwq2-jx9q-9h9f