What is GHSA-c329-4cx6-v738?

GHSA-c329-4cx6-v738 is a security advisory published by GitHub Security Advisories with Medium severity. CouchCMS 2.2.1 contains a server-side request forgery vulnerability that allows authenticated...

Which CVE IDs does GHSA-c329-4cx6-v738 cover?

GHSA-c329-4cx6-v738 covers the following CVE IDs: CVE-2021-47958. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-c329-4cx6-v738?

GHSA-c329-4cx6-v738 has a CVSS v3 base score of 4.3, published by GitHub Security Advisories.

GHSA-c329-4cx6-v738MediumCVSS 4.3

CouchCMS 2.2.1 contains a server-side request forgery vulnerability that allows authenticated...

Vendor

GitHub Security Advisories

Published

May 15, 2026

Last Modified

May 15, 2026

🔗 CVE IDs covered (1)

CVE-2021-47958 →

📋 Description

CouchCMS 2.2.1 contains a server-side request forgery vulnerability that allows authenticated attackers to make arbitrary HTTP requests by uploading malicious SVG files. Attackers can upload SVG files containing external entity references through the browse.php endpoint to access internal services and resources.

🔗 References (5)

https://nvd.nist.gov/vuln/detail/CVE-2021-47958
https://github.com/CouchCMS/CouchCMS
https://www.exploit-db.com/exploits/49675
https://www.vulncheck.com/advisories/couchcms-server-side-request-forgery-via-svg-upload
https://github.com/advisories/GHSA-c329-4cx6-v738