{"id":"GO-2022-1113","summary":"Server-side request forgery in github.com/oam-dev/kubevela","details":"When a Helm chart is used as the component delivery method, the request address of the Helm repository is not restricted, which results in a blind server-side request forgery (SSRF) vulnerability.","aliases":["CVE-2022-39383","GHSA-m5xf-x7q6-3rm7"],"modified":"2026-03-17T04:29:14.577041Z","published":"2022-12-07T18:45:56Z","related":["CGA-r59f-cj6h-534p"],"database_specific":{"review_status":"REVIEWED","url":"https://pkg.go.dev/vuln/GO-2022-1113"},"references":[{"type":"ADVISORY","url":"https://github.com/kubevela/kubevela/security/advisories/GHSA-m5xf-x7q6-3rm7"},{"type":"FIX","url":"https://github.com/kubevela/kubevela/pull/5000"}],"affected":[{"package":{"name":"github.com/oam-dev/kubevela","ecosystem":"Go","purl":"pkg:golang/github.com/oam-dev/kubevela"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"1.5.8"},{"introduced":"1.6.0"},{"fixed":"1.6.1"}]}],"ecosystem_specific":{"imports":[{"symbols":["HTTPGetResponse"],"path":"github.com/oam-dev/kubevela/pkg/utils/common"}]},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2022-1113.json"}}],"schema_version":"1.7.5"}