From 5175e4a2e30171fa0fe0ea1f0faaffcd75c6fe67 Mon Sep 17 00:00:00 2001
From: MostInterestingBotInTheWorld
 <98333686+MostInterestingBotInTheWorld@users.noreply.github.com>
Date: Sun, 19 Jun 2022 11:18:24 -0400
Subject: [PATCH] Enhancement: cves/2017/CVE-2017-18638.yaml by mp

---
 cves/2017/CVE-2017-18638.yaml | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/cves/2017/CVE-2017-18638.yaml b/cves/2017/CVE-2017-18638.yaml
index 4cf8aec3d8..2a11a5f2e9 100644
--- a/cves/2017/CVE-2017-18638.yaml
+++ b/cves/2017/CVE-2017-18638.yaml
@@ -1,10 +1,10 @@
 id: CVE-2017-18638
 
 info:
-  name: Graphite 'graphite.composer.views.send_email' SSRF
+  name: Graphite <=1.1.5 - Server-Side Request Forgery
   author: huowuzhao
   severity: high
-  description: Graphite's send_email in graphite-web/webapp/graphite/composer/views.py in versions up to 1.1.5 is vulnerable to SSRF. The vulnerable SSRF endpoint can be used by an attacker to have the Graphite web server request any resource. The response to this SSRF request is encoded into an image file and then sent to an email address that can be supplied by the attacker. Thus, an attacker can exfiltrate any information.
+  description: Graphite's send_email in graphite-web/webapp/graphite/composer/views.py in versions up to 1.1.5 is vulnerable to server-side request forgery (SSR)F. The vulnerable SSRF endpoint can be used by an attacker to have the Graphite web server request any resource. The response to this SSRF request is encoded into an image file and then sent to an email address that can be supplied by the attacker. Thus, an attacker can exfiltrate any information.
   reference:
     - http://blog.orange.tw/2017/07/how-i-chained-4-vulnerabilities-on.html
     - https://github.com/graphite-project/graphite-web/issues/2008
@@ -27,3 +27,5 @@ requests:
         part: interactsh_protocol
         words:
           - "http"
+
+# Enhanced by mp on 2022/06/19