CVE-2022-1213
Server side request forgery in LiveHelperChat
CVSS 3.1: 7.7 (HIGH)
EPSS: 0.13%
Description
SSRF filter bypass on ports 80 and 433 in LiveHelperChat prior to v3.67. An attacker could make the application perform arbitrary requests, bypassing CVE-2022-1191.
How to fix CVE-2022-1213
To remediate CVE-2022-1213, upgrade the affected package to a fixed version below.
- Bitnami/livehelperchat—upgrade to 3.97.0 or later
- —upgrade to 3.67 or later
Is CVE-2022-1213 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 3.97.0
- from 0, < 3.67
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.7 | CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L |