Dismissed
Permalink
CVE-2026-3052
6.3 MEDIUM
- CVSS version: 3.1
- Attack vector (AV):
- Attack complexity (AC):
- Privileges required (PR):
- User interaction (UI):
- Scope (S):
- Confidentiality impact (C):
- Integrity impact (I):
- Availability impact (A):
by @LeSuisse Activity log
- Created automatic suggestion
-
@LeSuisse
removed
6 packages
- rubyPackages.jekyll-theme-dinky
- rubyPackages_3_1.jekyll-theme-dinky
- rubyPackages_3_2.jekyll-theme-dinky
- rubyPackages_3_3.jekyll-theme-dinky
- rubyPackages_3_4.jekyll-theme-dinky
- rubyPackages_4_0.jekyll-theme-dinky
- @LeSuisse dismissed
DataLinkDC dinky Flink Proxy Controller FlinkProxyController.java proxyUba server-side request forgery
A vulnerability was found in DataLinkDC dinky up to 1.2.5. The impacted element is the function proxyUba of the file dinky-admin/src/main/java/org/dinky/controller/FlinkProxyController.java of the component Flink Proxy Controller. Performing a manipulation results in server-side request forgery. It is possible to initiate the attack remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
- VDB-347410 | DataLinkDC dinky Flink Proxy Controller FlinkProxyController.java proxyUba server-side request forgery vdb-entry technical-description
- VDB-347410 | CTI Indicators (IOB, IOC, IOA) signature permissions-required
- Submit #757587 | DataLinkDC dinky <=1.2.5 Server-Side Request Forgery third-party-advisory
- https://github.com/AnalogyC0de/public_exp/issues/7 issue-tracking
- https://github.com/AnalogyC0de/public_exp/issues/7#issue-3935032160 issue-tracking exploit
Affected products
dinky
- ==1.2.5
- ==1.2.2
- ==1.2.1
- ==1.2.3
- ==1.2.0
- ==1.2.4
Ignored packages (6)
pkgs.rubyPackages.jekyll-theme-dinky
None
pkgs.rubyPackages_3_1.jekyll-theme-dinky
None
pkgs.rubyPackages_3_2.jekyll-theme-dinky
None
pkgs.rubyPackages_3_3.jekyll-theme-dinky
None
pkgs.rubyPackages_3_4.jekyll-theme-dinky
None