{"vulnerability": "CVE-2021-40604", "sightings": [{"uuid": "91d6dd48-0580-414d-8172-8efa935fba5d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40604", "type": "published-proof-of-concept", "source": "https://t.me/ptswarm/131", "content": "\ud83d\ude92Invision Community fixed an SSRF vulnerability (CVE-2021-40604) found by Mikhail Klyuchnikov!\n\nTimeline:\n\u2705 06/23/2021 - The advisory is published\n\ud83d\ude12 06/24/2021 - Requested CVE via MITRE\n\ud83d\ude00 06/13/2022 - CVE was assigned\n\nThe PoC\u2b06\ufe0f\n\nThe \"gkey\" param is an unfollow token.", "creation_timestamp": "2022-06-17T14:20:32.000000Z"}, {"uuid": "d56abd61-a387-4497-ad80-24782ba51c0f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40604", "type": "seen", "source": "https://t.me/cibsecurity/44333", "content": "\u203c CVE-2021-40604 \u203c\n\nA Server-Side Request Forgery (SSRF) vulnerability in IPS Community Suite before 4.6.2 allows remote authenticated users to request arbitrary URLs or trigger deserialization via phar protocol when generating class names dynamically. In some cases an exploitation is possible by an unauthenticated user.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-13T22:22:09.000000Z"}]}