Miggo Logo
Miggo Vulnerability Database
CVE-2017-20157

CVE-2017-20157: Ariadne Component Library vulnerable to Server-Side Request Forgery

9.8

CVSS Score
3.1

Basic Information

CVE ID
CVE-2017-20157
GHSA ID
GHSA-qr97-v87p-x965
EPSS Score
0.1685%
CWE
CWE-918
Published
12/31/2022
Updated
2/2/2023
KEV Status
No
Technology
TechnologyPHP

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Package NameEcosystemVulnerable VersionsFirst Patched Version
arc/webcomposer< 3.03.0

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The commit diff shows critical validation was added to the Url constructor to prevent SSRF. The patch specifically addresses cases where parse_url() returns a host containing colons (which could indicate port smuggling) by truncating at the first colon. The added test cases demonstrate exploitation scenarios like 'http://127.0.0.1:11211:80/' where the vulnerable version would incorrectly parse the host/port combination. The __construct method's pre-patch handling of URL components without this validation directly enabled SSRF vectors.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

* vuln*r**ility w*s *oun* in *ri**n* *ompon*nt Li*r*ry up to *.x. It **s ***n *l*ssi*i** *s *riti**l. *****t** is *n unknown *un*tion o* t** *il* sr*/url/Url.p*p. T** m*nipul*tion l***s to s*rv*r-si** r*qu*st *or**ry. Up*r**in* to v*rsion *.* **n ***

Reasoning

T** *ommit *i** s*ows *riti**l v*li**tion w*s ***** to t** Url *onstru*tor to pr*v*nt SSR*. T** p*t** sp**i*i**lly ***r*ss*s **s*s w**r* p*rs*_url() r*turns * *ost *ont*inin* *olons (w*i** *oul* in*i**t* port smu**lin*) *y trun**tin* *t t** *irst *ol