The SSRF vulnerability stemmed from improper URL validation in SURL.java. The fixing commit added checks for the '@' character in forbiddenURL() and isInUrlAllowList() so that URLs carrying embedded credentials (user@host syntax) are rejected. In a URL such as https://trusted.example@attacker.example/ (an illustrative value, not one taken from the advisory), the text after the scheme begins with what looks like an allow-listed host, but the authority a client actually connects to is the host after the '@'; a validation routine that matches on the URL text rather than on the parsed host would therefore accept the URL and let the server fetch from an arbitrary host. These two functions are directly responsible for URL validation, and their pre-patch behavior, which did not account for this syntax, is what allowed SSRF exploitation.
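The following is an added example, not code from PlantUML or from the fixing commit, written in Python rather than the project's Java to show the parsing pitfall generically. It places a textual prefix check beside a hardened check that refuses '@' and compares the parsed host exactly; the allow list and sample URLs are constructed for the demo. It also goes slightly beyond the advisory by showing that the hardened check rejects a look-alike domain suffix, which a prefix match would also let through.

```python
from urllib.parse import urlsplit

# Constructed allow list for the demo: only these origins may be fetched.
ALLOW_LIST = ["https://trusted.example", "https://wiki.trusted.example"]


def is_allowed_naive(url: str) -> bool:
    """Textual prefix match against the allow list.

    This is the kind of check a userinfo-bearing URL defeats: the string
    starts with an allow-listed origin, yet the client will connect to
    whatever host follows the '@'.
    """
    return any(url.startswith(prefix) for prefix in ALLOW_LIST)


def effective_host(url: str):
    """Return the host a client would actually connect to, or None."""
    try:
        parts = urlsplit(url)
    except ValueError:
        # e.g. unbalanced IPv6 brackets; treat unparsable input as no host
        return None
    if parts.scheme not in ("http", "https"):
        return None
    # .hostname is lowercased and has userinfo and port stripped
    return parts.hostname


def is_allowed_hardened(url: str) -> bool:
    """Reject userinfo outright, then compare the parsed host exactly."""
    # Embedded credentials have no legitimate use here; refuse them before
    # parsing so no downstream component can see a different authority.
    if "@" in url:
        return False
    host = effective_host(url)
    if host is None:
        return False
    allowed_hosts = {effective_host(prefix) for prefix in ALLOW_LIST}
    return host in allowed_hosts


def main() -> None:
    # Constructed inputs: a legitimate URL, the userinfo bypass, and a
    # look-alike suffix domain.
    samples = [
        "https://trusted.example/diagram.puml",
        "https://trusted.example@attacker.example/diagram.puml",
        "https://trusted.example.attacker.example/diagram.puml",
    ]
    for url in samples:
        print(
            f"{url}\n  naive={is_allowed_naive(url)} "
            f"hardened={is_allowed_hardened(url)} "
            f"connects_to={effective_host(url)}"
        )


if __name__ == "__main__":
    main()
```

Refusing '@' before parsing, as the patch does, is deliberately stricter than "parse and compare the host": it removes any dependence on how a later component (an HTTP client, a redirect follower, a proxy) chooses to interpret the userinfo part.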
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| net.sourceforge.plantuml:plantuml-mit | maven | < 1.2023.9 | 1.2023.9 |
| net.sourceforge.plantuml:plantuml | maven | < 1.2023.9 | 1.2023.9 |