{"id":"CVE-2022-36663","details":"Gluu Oxauth before v4.4.1 allows attackers to execute blind SSRF (Server-Side Request Forgery) attacks via a crafted request_uri parameter.","aliases":["GHSA-hc94-9v26-gxwv"],"modified":"2026-04-10T04:50:40.976957Z","published":"2022-09-06T21:15:08.890Z","references":[{"type":"ADVISORY","url":"https://github.com/GluuFederation/oxAuth/releases/tag/4.4.1"},{"type":"ADVISORY","url":"https://gluu.org/gluu-4-4-1/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/gluufederation/oxauth","events":[{"introduced":"0"},{"fixed":"af3c1fc86e617d80108151d60e2ea391e24ee5f6"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"4.4.1"}]}}],"versions":["2.3.3","2.4.0","3.0.0","3.0.1","release1.0.0","release1.1.0","release1.2.0","release1.3.0","release1.3.1","release1.3.2","release1.4.1","release1.5.0","v3.0.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-36663.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}