CVE-2023-3432

Description

Server-Side Request Forgery (SSRF) in GitHub repository plantuml/plantuml prior to 1.2023.9.

How to fix CVE-2023-3432

To remediate CVE-2023-3432, upgrade the affected package to a fixed version below.

• Debian/plantuml—no fix listed
• Maven/net.sourceforge.plantuml:plantuml—upgrade to 1.2023.9 or later
• —upgrade to 1.2023.9 or later

Is CVE-2023-3432 being exploited?

Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.

Affected packages (3)

• from 0
• from 0, < 1.2023.9
• from 0, < 1.2023.9

CVSS scores

References (6)

• ADVISORYnvd.nist.gov/vuln/detail/CVE-2023-3432
• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2023-3432
• PATCHgithub.com/plantuml/plantuml
• WEBgithub.com/plantuml/plantuml/commit/b32500bb61ae617bb312496d6d832e4be8190797