First published: Fri Aug 11 2017(Updated: )
Server-side request forgery (SSRF) vulnerability in Downloader in Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 allows remote authenticated users to download arbitrary local files via crafted URI.
Credit: security@synology.com
Affected Software | Affected Version | How to fix |
---|---|---|
Synology Download Station | =3.2-2295 | |
Synology Download Station | =3.3-2382 | |
Synology Download Station | =3.3-2383 | |
Synology Download Station | =3.3-2386 | |
Synology Download Station | =3.4-2477 | |
Synology Download Station | =3.4-2478 | |
Synology Download Station | =3.4-2480 | |
Synology Download Station | =3.4-2485 | |
Synology Download Station | =3.4-2486 | |
Synology Download Station | =3.4-2489 | |
Synology Download Station | =3.4-2490 | |
Synology Download Station | =3.4-2514 | |
Synology Download Station | =3.4-2555 | |
Synology Download Station | =3.4-2557 | |
Synology Download Station | =3.4-2558 | |
Synology Download Station | =3.5-2638 | |
Synology Download Station | =3.5-2705 | |
Synology Download Station | =3.5-2706 | |
Synology Download Station | =3.5-2955 | |
Synology Download Station | =3.5-2956 | |
Synology Download Station | =3.5-2962 | |
Synology Download Station | =3.5-2963 | |
Synology Download Station | =3.5-2967 | |
Synology Download Station | =3.5-2968 | |
Synology Download Station | =3.5-2970 | |
Synology Download Station | =3.5-2973 | |
Synology Download Station | =3.5-2980 | |
Synology Download Station | =3.5-2982 | |
Synology Download Station | =3.8.0-3416 | |
Synology Download Station | =3.8.1-3420 | |
Synology Download Station | =3.8.2-3455 | |
Synology Download Station | =3.8.3-3458 | |
Synology Download Station | =3.8.4-3468 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.