{"id":"CVE-2023-3432","summary":"Server-Side Request Forgery (SSRF) in plantuml/plantuml","details":"Server-Side Request Forgery (SSRF) in GitHub repository plantuml/plantuml prior to 1.2023.9.","aliases":["GHSA-ff3m-68vj-h86p"],"modified":"2026-04-02T09:02:11.358377Z","published":"2023-06-27T14:30:23.442Z","database_specific":{"cna_assigner":"@huntrdev","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/3xxx/CVE-2023-3432.json","cwe_ids":["CWE-918"]},"references":[{"type":"WEB","url":"https://huntr.dev/bounties/8ac3316f-431c-468d-87e4-3dafff2ecf51"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FV7XL3CY3K3K5ER3ASMEQA546MIQQ7QM/"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/3xxx/CVE-2023-3432.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-3432"},{"type":"FIX","url":"https://github.com/plantuml/plantuml/commit/b32500bb61ae617bb312496d6d832e4be8190797"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/plantuml/plantuml","events":[{"introduced":"0"},{"fixed":"74574c4f57d8d56b0e740b64e3d005ed071b2da2"}]}],"versions":["gmlv0.1.0a","gmlv0.2.0a","v1.2017.12","v1.2017.13","v1.2017.14","v1.2017.15","v1.2017.17","v1.2017.18","v1.2017.19","v1.2017.20","v1.2018.0","v1.2018.1","v1.2018.10","v1.2018.11","v1.2018.12","v1.2018.13","v1.2018.14","v1.2018.2","v1.2018.3","v1.2018.4","v1.2018.5","v1.2018.6","v1.2018.7","v1.2018.8","v1.2018.9","v1.2019.0","v1.2019.1","v1.2019.10","v1.2019.11","v1.2019.12","v1.2019.13","v1.2019.2","v1.2019.4","v1.2019.5","v1.2019.6","v1.2019.7","v1.2019.8","v1.2019.9","v1.2020.0","v1.2020.1","v1.2020.10","v1.2020.11","v1.2020.12","v1.2020.13","v1.2020.14","v1.2020.15","v1.2020.16","v1.2020.17","v1.2020.18","v1.2020.19","v1.2020.2","v1.2020.20","v1.2020.21","v1.2020.22","v1.2020.23","v1.2020.24","v1.2020.26","v1.2020.3","v1.2020.4","v1.2020.6","v1.2020.7","v1.2020.8","v1.2020.9","v1.2021.0","v1.2021.1","v1.2021.10","v1.2021.12","v1.2021.13","v1.2021.14","v1.2021.15","v1.2021.16","v1.2021.2","v1.2021.3","v1.2021.4","v1.2021.5","v1.2021.6","v1.2021.7","v1.2021.8","v1.2021.9","v1.2022.0","v1.2022.1","v1.2022.10","v1.2022.11","v1.2022.12","v1.2022.13","v1.2022.14","v1.2022.2","v1.2022.3","v1.2022.4","v1.2022.5","v1.2022.6","v1.2022.7","v1.2022.8","v1.2022.9","v1.2023.0","v1.2023.1","v1.2023.2","v1.2023.3","v1.2023.4","v1.2023.5","v1.2023.6","v1.2023.7","v1.2023.8","v2017.08","v2017.09","v2017.11","v8059"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-3432.json","vanir_signatures":[{"signature_version":"v1","id":"CVE-2023-3432-61a93759","deprecated":false,"source":"https://github.com/plantuml/plantuml/commit/74574c4f57d8d56b0e740b64e3d005ed071b2da2","signature_type":"Function","digest":{"length":46,"function_hash":"298906704308918028270331362808751815864"},"target":{"file":"src/net/sourceforge/plantuml/version/Version.java","function":"compileTime"}},{"signature_version":"v1","id":"CVE-2023-3432-e20c112d","deprecated":false,"source":"https://github.com/plantuml/plantuml/commit/74574c4f57d8d56b0e740b64e3d005ed071b2da2","signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["146867373125416096968169019915169602019","320494320065182875017058654916922282389","324161394208363568244320877044827652010","34278620398819972444563889680577394316","90120288795734310982317362690670181298","280230260526823074946512142599682136304","91068408516048719293487979281481862466","258655926181888410938968616109502645971"]},"target":{"file":"src/net/sourceforge/plantuml/version/Version.java"}}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N"}]}