{"id":"CVE-2024-55089","details":"Rhymix before 2.1.24 is vulnerable to Server-Side Request Forgery (SSRF) in the background import data function because XML documents may contain external entities.","modified":"2026-04-10T05:19:10.101420Z","published":"2024-12-18T18:15:07.670Z","references":[{"type":"WEB","url":"https://rhymix.org/news/1909005"},{"type":"WEB","url":"https://tasteful-stamp-da4.notion.site/CVE-2024-55089-15b1e0f227cb8064a563c697709b7530?pvs=73"},{"type":"FIX","url":"https://github.com/rhymix/rhymix/commit/464985b1ef382cc8cf852e9b028a960aa58b40c3"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/rhymix/rhymix","events":[{"introduced":"0"},{"last_affected":"a8016bd05cbc27cb7ac2ac35b21a880e109e6d9e"},{"fixed":"464985b1ef382cc8cf852e9b028a960aa58b40c3"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.1.19"}]}}],"versions":["1.4.5","1.5.0","1.5.0.1","1.5.0.2","1.5.0.3","1.5.0.4","1.5.0.5","1.5.0.6","1.5.0.7","1.5.0.8","1.5.0.9","1.5.1","1.5.1.1","1.5.1.10","1.5.1.11","1.5.1.2","1.5.1.3","1.5.1.4","1.5.1.5","1.5.1.6","1.5.1.7","1.5.1.8","1.5.1.9","1.5.2","1.5.2.1","1.5.2.2","1.5.2.3","1.5.2.4","1.5.2.5","1.5.2.6","1.5.2.7","1.5.3","1.5.3.2","1.7.10","1.7.11","1.7.12","1.7.13","1.7.3.4","1.7.3.5","1.7.3.6","1.7.5.3","1.7.5.4","1.7.5.5","1.7.5.6","1.7.5.7","1.7.6","1.7.7","1.7.7.1","1.7.7.2","1.7.8","1.7.9","1.8.0","1.8.1","1.8.10","1.8.11","1.8.12","1.8.13","1.8.14","1.8.15","1.8.17","1.8.18","1.8.2","1.8.20","1.8.21","1.8.22","1.8.23","1.8.24","1.8.25","1.8.26","1.8.27","1.8.28","1.8.29","1.8.3","1.8.30","1.8.31","1.8.32","1.8.33","1.8.34","1.8.35","1.8.36","1.8.37","1.8.38","1.8.39","1.8.4","1.8.40","1.8.41","1.8.42","1.8.43","1.8.44","1.8.45","1.8.46","1.8.5","1.8.6","1.8.7","1.8.8","1.8.9","1.9.0","1.9.1","1.9.2","1.9.3","1.9.4","1.9.5","1.9.6","1.9.7","1.9.8","1.9.8.1","1.9.8.2","1.9.8.3","1.9.8.4","1.9.9","1.9.9.1","1.9.9.2","1.9.9.3","1.9.9.4","1.9.9.5","1.9.9.6","1.9.9.7","1.9.9.8","1.9.9.9","2.0.0","2.0.0-alpha","2.0.0-beta","2.0.0-rc","2.0.1","2.0.10","2.0.11","2.0.12","2.0.13","2.0.14","2.0.15","2.0.16","2.0.17","2.0.18","2.0.19","2.0.2","2.0.20","2.0.21","2.0.22","2.0.23","2.0.24","2.0.3","2.0.4","2.0.5","2.0.6","2.0.7","2.0.8","2.0.9","2.1.0","2.1.1","2.1.10","2.1.11","2.1.12","2.1.13","2.1.14","2.1.15","2.1.16","2.1.17","2.1.18","2.1.19","2.1.2","2.1.20","2.1.21","2.1.22","2.1.23","2.1.3","2.1.4","2.1.5","2.1.6","2.1.7","2.1.8","2.1.9"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-55089.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N"}]}