Recent Vulnerabilities Product List Research Posts Trends Blog About Contact

Published: 19/02/2025 Updated: 19/02/2025

Server-Side Request Forgery in Pigeon 1.0.177 via URL Argument Manipulation

A critical vulnerability exists in kasuganosoras Pigeon version 1.0.177. The issue affects the /pigeon/imgproxy/index.php file, specifically through manipulation of the url argument. This vulnerability enables server-side request forgery and can be initiated remotely. Users are strongly advised to upgrade to version 1.0.181, which addresses the security flaw. The recommended patch is identified by the commit hash 84cea5fe73141689da2e7ec8676d47435bd6423e. Upgrading the affected component will help mitigate potential security risks associated with this vulnerability.

Vulnerable Product	Search on Vulmon	Subscribe to Product
kasuganosoras pigeon

CWE-918 https://nvd.nist.gov https://www.first.org/epss https://github.com/kasuganosoras/Pigeon/commit/84cea5fe73141689da2e7ec8676d47435bd6423e https://github.com/kasuganosoras/Pigeon/releases/tag/1.0.181 https://github.com/sheratan4/cve/issues/2 https://vuldb.com/?ctiid.296134 https://vuldb.com/?id.296134 https://vuldb.com/?submit.501978

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2025-1447

Vulnerability Summary

References

Vulmon Search

About

Products

Connect