Primary

Context

Apache Fesod (Incubating) UrlImageConverter Component Server-Side Request Forgery Vulnerability

Vulnerability

Patched

A Server-Side Request Forgery (SSRF) vulnerability has been identified in the UrlImageConverter component of Apache Fesod (Incubating) versions prior to 2.0.2-incubating. This vulnerability allows attackers to send outbound network requests to internal or otherwise restricted resources by exploiting a user-supplied image URL.

Impact

Exploitation of this vulnerability allows for Server-Side Request Forgery (SSRF), enabling attackers to make requests to internal services or resources that are not publicly accessible.

Remediation

Users are advised to upgrade to Apache Fesod version 2.0.2-incubating, which addresses this vulnerability.

Added: Jun 1, 2026, 11:19 AM

Updated: Jun 1, 2026, 11:19 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.4

exploitability

6.8

remediation

0.0

relevance

9.7

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.4

exploitability

6.8

remediation

0.0

relevance

9.7

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Apache Fesod (Incubating) UrlImageConverter Component Server-Side Request Forgery Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Apache Fesod

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating