Soft Serve is a self-hostable Git server for the command line. Versions prior to 0.11.1 have a SSRF vulnerability where webhook URLs are not validated, allowing repository administrators to create webhooks targeting internal services, private networks, and cloud metadata endpoints. Version 0.11.1 fixes the vulnerability.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:LCharm Soft Serve
APPCharm< 0.11.1
Related vulnerabilities
SSRF w Soft Serve — dostęp do wewnętrznych usług przez LFS endpoint
Soft Serve is a self-hostable Git server for the command line. From version 0.6.0 to before version 0.11.6, an...
Soft Serve is a self-hostable Git server for the command line. Versions 0.11.2 and below have a critical authe...
Soft Serve is a self-hostable Git server for the command line. Prior to version 0.6.2, a security vulnerabilit...
Soft Serve is a self-hostable Git server for the command line. Prior to version 0.11.2, an authorization bypas...