What is the severity of CVE-2024-31979?

CVE-2024-31979 is classified as a Server-Side Request Forgery (SSRF) vulnerability which can lead to unauthorized access and exploitation of the server.

How do I fix CVE-2024-31979?

To remediate CVE-2024-31979, upgrade Apache StreamPipes to version 0.95.0 or later.

Which versions of Apache StreamPipes are affected by CVE-2024-31979?

Versions of Apache StreamPipes prior to 0.95.0 are affected by CVE-2024-31979.

What potential risks does CVE-2024-31979 pose?

CVE-2024-31979 may allow attackers to control the server's behavior by sending crafted requests, potentially leading to data leakage.

Is there a specific installation process affected by CVE-2024-31979?

Yes, CVE-2024-31979 affects the installation process of pipeline elements in Apache StreamPipes.

Vulnerability/
CVE-2024-31979

high

7.5

CWE

918

16/7/2024

17/7/2024

21/1/2025

CVE-2024-31979: Apache StreamPipes: Possibility of SSRF in pipeline element installation process

First published: Tue Jul 16 2024(Updated: )

Server-Side Request Forgery (SSRF) vulnerability in Apache StreamPipes during installation process of pipeline elements. Previously, StreamPipes allowed users to configure custom endpoints from which to install additional pipeline elements. These endpoints were not properly validated, allowing an attacker to get StreamPipes to send an HTTP GET request to an arbitrary address. This issue affects Apache StreamPipes: through 0.93.0. Users are recommended to upgrade to version 0.95.0, which fixes the issue.

Credit: security@apache.org security@apache.org

Affected Software	Affected Version	How to fix
Apache StreamPipes	<0.95.0
maven/org.apache.streampipes:streampipes-parent	<0.95.0	0.95.0
pip/streampipes	<0.95.0	0.95.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-31979?
CVE-2024-31979 is classified as a Server-Side Request Forgery (SSRF) vulnerability which can lead to unauthorized access and exploitation of the server.
How do I fix CVE-2024-31979?
To remediate CVE-2024-31979, upgrade Apache StreamPipes to version 0.95.0 or later.
Which versions of Apache StreamPipes are affected by CVE-2024-31979?
Versions of Apache StreamPipes prior to 0.95.0 are affected by CVE-2024-31979.
What potential risks does CVE-2024-31979 pose?
CVE-2024-31979 may allow attackers to control the server's behavior by sending crafted requests, potentially leading to data leakage.
Is there a specific installation process affected by CVE-2024-31979?
Yes, CVE-2024-31979 affects the installation process of pipeline elements in Apache StreamPipes.

collector/oss-sec
source/oss-sec
alias/CVE-2024-31979
agent/first-publish-date
agent/title
agent/weakness
agent/type
agent/references
agent/description
agent/author
agent/softwarecombine
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/severity
agent/event
collector/github-advisory
source/GitHub
alias/GHSA-9gr7-gh74-qg9x
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/trending
agent/source
agent/tags
collector/github-advisory-latest
collector/nvd-cve
vendor/apache
canonical/apache streampipes
package-manager/maven
package-manager/pip

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.