CVE-2023-35817 | DevExpress up to 23.1.2 AsyncDownloader server-side request forgery

Inserito da Angelo Barbosa | Apr 28, 2025 | CVE

A vulnerability was found in DevExpress up to 23.1.2. It has been classified as critical. Affected is an unknown function of the component AsyncDownloader. The manipulation leads to server-side request forgery.

This vulnerability is traded as CVE-2023-35817. It is possible to launch the attack remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2023-35817 | DevExpress up to 23.1.2 AsyncDownloader server-side request forgery

Post correlati

CVE-2024-33110 | D-Link DIR-845L up to 1.01KRb0 getcfg.php permission

CVE-2024-51706 | Upeksha Wisidagama UW Freelancer Plugin up to 0.1 on WordPress cross site scripting

CVE-2024-28580 | FreeImage 3.19.0 r1909 RAS Image ReadData buffer overflow

CVE-2024-9653 | Restaurant Menu Plugin up to 2.4.2 on WordPress cross site scripting