CVE-2023-31848

8.8 HIGH

📋 TL;DR

CVE-2023-31848 is a Server-Side Request Forgery (SSRF) vulnerability in davinci 0.3.0-rc that allows attackers to make unauthorized requests from the server to internal or external systems. This affects organizations running vulnerable versions of davinci, potentially exposing internal networks and services to attackers.

💻 Affected Systems

Products:
  • davinci
Versions: 0.3.0-rc
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects davinci 0.3.0-rc release candidate version. Other versions may be unaffected.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could access internal services, exfiltrate sensitive data, pivot to other systems, or perform attacks against internal infrastructure using the server as a proxy.

🟠 Likely Case

Information disclosure from internal services, scanning of internal networks, or limited data exfiltration from accessible internal endpoints.

🟢 If Mitigated

Limited impact if network segmentation restricts server outbound connections and internal services require authentication.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

SSRF vulnerabilities are commonly exploited and public GitHub issues demonstrate the vulnerability.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after 0.3.0-rc

Vendor Advisory: https://github.com/edp963/davinci/issues/2326

Restart Required: Yes

Instructions:

1. Upgrade davinci to a version newer than 0.3.0-rc.
2. Restart the davinci service.
3. Verify the fix by testing SSRF vectors.

🔧 Temporary Workarounds

  • Network egress filtering (all): Restrict outbound network connections from davinci servers to only necessary destinations
  • Input validation (all): Implement URL validation and whitelisting for all user-supplied URL parameters
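One way to implement the URL validation and whitelisting workaround above, as an added example that is not davinci's own code: the allowlist, the resolver table and the hostnames are constructed assumptions, and the resolver is passed in so the check runs offline.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample allowlist of hostnames a server-side fetch may reach.
ALLOWED_HOSTS = {"data.example.com", "reports.example.com"}
ALLOWED_SCHEMES = {"http", "https"}

# Constructed DNS table standing in for a real resolver (hypothetical values).
SAMPLE_DNS = {
    "data.example.com": ["93.184.216.34"],   # public address
    "reports.example.com": ["10.0.0.5"],     # name that points at an internal range
}

def sample_resolve(host):
    """Return the IP strings `host` resolves to in the constructed table."""
    return SAMPLE_DNS.get(host, [])

def is_internal(ip_text):
    """True for loopback, RFC 1918, link-local (incl. 169.254.169.254) and
    any other non-globally-routable address."""
    return not ipaddress.ip_address(ip_text).is_global

def validate_url(url, resolve):
    """Return (ok, reason). Rejects bad schemes, embedded credentials, literal
    IPs, hosts outside the allowlist, and names that resolve to internal space."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, "scheme not allowed"
    host = parts.hostname  # already lowercased, IPv6 brackets stripped
    if not host:
        return False, "missing host"
    if parts.username or parts.password:
        return False, "credentials in URL"
    try:
        ipaddress.ip_address(host)
        return False, "literal IP address"  # allowlist is by name only
    except ValueError:
        pass
    if host not in ALLOWED_HOSTS:
        return False, "host not in allowlist"
    addrs = resolve(host)
    if not addrs:
        return False, "host does not resolve"
    for addr in addrs:  # every record must be external, not just the first
        if is_internal(addr):
            return False, f"resolves to internal address {addr}"
    # Caller should connect to the validated address rather than re-resolving,
    # otherwise a second lookup could return a different (internal) answer.
    return True, "ok"
```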

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate davinci servers from sensitive internal systems
  • Deploy a web application firewall (WAF) with SSRF protection rules

🔍 How to Verify

Check if Vulnerable:

Check davinci version. If running 0.3.0-rc, test SSRF by attempting to make requests to internal services via davinci's vulnerable endpoints.

Check Version:

Check davinci configuration files or application metadata for version information

Verify Fix Applied:

After upgrade, test SSRF vectors that previously worked. Attempt to access internal services (like 127.0.0.1, 169.254.169.254) through davinci endpoints.

📡 Detection & Monitoring

Log Indicators:

  • Unusual outbound requests from davinci server
  • Requests to internal IP addresses or metadata services
  • Multiple failed connection attempts to unusual destinations

Network Indicators:

  • davinci server making unexpected outbound connections
  • Traffic to internal-only services from davinci server
  • Requests to cloud metadata endpoints (169.254.169.254)

SIEM Query:

source="davinci" AND (dest_ip=127.0.0.1 OR dest_ip=169.254.169.254 OR dest_ip IN [internal_ranges])

🔗 References
