Grist-Core Server-Side Request Vulnerability Allowing Privileged Network Access

Vulnerability

A vulnerability in Grist-Core prior to version 1.7.6 allows users with access to any document to trigger server-side URL fetches. Because these requests are made by the server, they carry its privileged network access, which could be exploited to escalate attacks.

Impact

Exploitation of this vulnerability could lead to unauthorized access or manipulation of network resources, potentially allowing for further escalation of attacks.

Remediation

Users are advised to upgrade to Grist-Core version 1.7.6 or later. For those unable to upgrade, avoid making available any HTTP or HTTPS endpoints that expose credentials or that operate without credentials.

Added: Nov 13, 2025, 10:18 PM
Updated: Nov 13, 2025, 10:18 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 7.4
remediation: 7.7
relevance: 1.0
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.