{"id":"CVE-2023-6199","details":"BookStack version 23.10.2 allows local files on the server to be leaked. This is possible because the application is vulnerable to server-side request forgery (SSRF).","modified":"2026-03-14T12:23:42.584283Z","published":"2023-11-20T23:15:06.877Z","references":[{"type":"ADVISORY","url":"https://www.bookstackapp.com/blog/bookstack-release-v23-10-3/"},{"type":"EVIDENCE","url":"https://fluidattacks.com/advisories/imagination/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/bookstackapp/bookstack","events":[{"introduced":"0"},{"last_affected":"d8383cfa802637ceb0ce0a250d9f4962c282524f"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"23.10.2"}]}}],"versions":["0.7.2","v.0.7.1","v0.10.0","v0.11.0","v0.11.1","v0.11.2","v0.12.0","v0.12.1","v0.12.2","v0.13.0","v0.13.1","v0.14.0","v0.14.1","v0.14.2","v0.14.3","v0.15.0","v0.15.1","v0.15.2","v0.15.3","v0.16.0","v0.16.1","v0.16.2","v0.16.3","v0.17.0","v0.17.1","v0.17.2","v0.17.3","v0.17.4","v0.18.0","v0.18.1","v0.18.2","v0.18.3","v0.18.4","v0.18.5","v0.19.0","v0.20.0","v0.20.1","v0.20.2","v0.20.3","v0.21.0","v0.22.0","v0.23.0","v0.23.1","v0.23.2","v0.24.0","v0.24.1","v0.24.2","v0.24.3","v0.25.0","v0.25.1","v0.25.2","v0.25.3","v0.25.4","v0.25.5","v0.26.0","v0.26.1","v0.26.2","v0.26.3","v0.26.4","v0.27","v0.27.1","v0.27.2","v0.27.3","v0.27.4","v0.27.5","v0.28.0","v0.28.1","v0.28.2","v0.28.3","v0.29.0","v0.29.1","v0.29.2","v0.29.3","v0.30.0","v0.30.1","v0.30.2","v0.30.3","v0.30.4","v0.30.5","v0.30.6","v0.30.7","v0.31.0","v0.31.1","v0.31.2","v0.31.3","v0.31.4","v0.31.5","v0.31.6","v0.31.7","v0.31.8","v0.5.0","v0.6.0","v0.6.1","v0.6.2","v0.6.3","v0.7.0","v0.7.3","v0.7.4","v0.7.5","v0.7.6","v0.8.0","v0.8.1","v0.8.2","v0.9.0","v0.9.1","v0.9.2","v0.9.3","v21.04","v21.04.1","v21.04.2","v21.04.3","v21.04.4","v21.04.5","v21.04.6","v21.05","v21.05.1","v21.05.2","v21.05.3","v21.05.4","v21.08","v21.08.1","v21.08.2","v21.08.3","v21.08.4","v21.08.5","v21.08.6","v21.10","v21.10.1","v21.10.2","v21.10.3",
"v21.11","v21.11.1","v21.11.2","v21.11.3","v21.12","v21.12.1","v21.12.2","v21.12.3","v21.12.4","v21.12.5","v22.02","v22.02.1","v22.02.2","v22.02.3","v22.03","v22.03.1","v22.04","v22.04.1","v22.04.2","v22.06","v22.06.1","v22.06.2","v22.07","v22.07.1","v22.07.2","v22.07.3","v22.09","v22.09.1","v22.10","v22.10.1","v22.10.2","v22.11","v22.11.1","v23.01","v23.01.1","v23.02","v23.02.1","v23.02.2","v23.02.3","v23.05","v23.05.1","v23.05.2","v23.06","v23.06.1","v23.06.2","v23.08","v23.08.1","v23.08.2","v23.08.3","v23.10","v23.10.1","v23.10.2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-6199.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}]}