CVE-2024-48107

6.5 MEDIUM

📋 TL;DR

SparkShop versions up to 1.1.7 contain a server-side request forgery (SSRF) vulnerability that allows attackers to make the server send requests to internal network resources. This enables port scanning of internal systems, attacks against internal applications, and cloud metadata access. All organizations running vulnerable SparkShop versions are affected.

💻 Affected Systems

Products:
  • SparkShop
Versions: <=1.1.7
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of affected versions are vulnerable regardless of configuration.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attacker gains access to sensitive internal systems, exfiltrates data, or compromises cloud infrastructure via metadata exploitation.

🟠

Likely Case

Internal network reconnaissance leading to lateral movement opportunities and potential data exposure.

🟢

If Mitigated

Limited to port scanning and information gathering about internal network structure.

🌐 Internet-Facing: HIGH - Internet-facing instances allow external attackers to probe internal networks.
🏢 Internal Only: MEDIUM - Internal attackers could still exploit to pivot to other systems.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

A public proof of concept exists as a GitHub gist; exploitation requires minimal technical skill.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: >1.1.7

Vendor Advisory: https://gitee.com/sparkshop/sparkshop

Restart Required: Yes

Instructions:

1. Back up the current installation.
2. Download the latest version from the official repository.
3. Replace all files with the patched version.
4. Restart the web server/service.

🔧 Temporary Workarounds

Network Segmentation

Platform: linux

Restrict outbound traffic from the SparkShop server to the destinations it actually needs. The rules below, in this order, allow loopback, replies on established connections (so the web server keeps answering its clients), DNS, and new HTTP/HTTPS connections to public addresses, while dropping new connections to the RFC 1918 ranges and the link-local range (which contains the 169.254.169.254 cloud metadata address) before the web allow rule. Loopback stays open so local services keep working, so requests to 127.0.0.1 have to be stopped by URL validation instead; extend the allow list for your own dependencies (database, mail relay, package mirror) and mirror the rules with ip6tables if the host has IPv6.

iptables -A OUTPUT -o lo -j ACCEPT
iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
iptables -A OUTPUT -d 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,169.254.0.0/16 -j DROP
iptables -A OUTPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
iptables -A OUTPUT -j DROP

Input Validation

Platform: all

Implement URL validation that rejects any URL whose host is, or resolves to, an internal/private IP address (loopback, RFC 1918, link-local including the cloud metadata address, and their IPv6 equivalents). Apply the check to the resolved address rather than only to the literal string in the URL, and connect to that resolved address so the name cannot be re-resolved to something else after the check.
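As an added example (not SparkShop's code; the function names and the demo DNS table are constructed here), a Python validator of the kind this workaround calls for. It rejects non-HTTP schemes, URLs carrying credentials, literal addresses in blocked ranges (including IPv4-mapped IPv6 forms such as ::ffff:10.0.0.1), and names that resolve to any blocked address, and it returns the resolved addresses so the fetch can be pinned to them.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Ranges an SSRF-prone fetcher must never contact (IPv4 and IPv6).
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16",
    "::1/128", "fc00::/7", "fe80::/10",
)]

def _resolve(host):
    # Real resolver: every address for the name, so a name with one public and one internal record is rejected.
    return sorted({ai[4][0].split("%")[0] for ai in socket.getaddrinfo(host, None)})

def is_blocked_address(ip_text):
    ip = ipaddress.ip_address(ip_text)
    # Treat IPv4-mapped IPv6 literals such as ::ffff:10.0.0.1 as IPv4.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return any(ip in net for net in BLOCKED_NETWORKS)

def validate_outbound_url(url, resolve=_resolve):
    """Return (ok, reason, addresses); connect to a returned address, not the name."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, "scheme not allowed", []
    host = parts.hostname
    if not host:
        return False, "missing host", []
    if parts.username is not None or parts.password is not None:
        return False, "credentials in URL", []
    try:
        ipaddress.ip_address(host)
        addresses = [host]  # literal IP, nothing to resolve
    except ValueError:
        try:
            addresses = resolve(host)  # resolver also normalises odd numeric host forms
        except OSError:
            return False, "dns resolution failed", []
    for addr in addresses:
        if is_blocked_address(addr):
            return False, "host resolves to blocked address " + addr, []
    return True, "ok", addresses

# Constructed DNS table so the check can be exercised offline.
DEMO_DNS = {"cdn.example": ["203.0.113.10"], "rebind.example": ["203.0.113.10", "10.0.0.5"]}

def demo_resolve(host):
    return DEMO_DNS[host]
```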

🧯 If You Can't Patch

  • Implement strict network egress filtering to block requests to internal IP ranges
  • Deploy web application firewall (WAF) with SSRF protection rules

🔍 How to Verify

Check if Vulnerable:

Check whether the installed version is <=1.1.7, then confirm on a test instance by sending a request whose URL points at an internal service and observing whether the server fetches it.

Check Version:

Check version in admin panel or package.json file

Verify Fix Applied:

Repeat the same SSRF test after updating; the request should be rejected with an error or blocked.

📡 Detection & Monitoring

Log Indicators:

  • Unusual outbound requests from SparkShop to internal IPs
  • Multiple failed connection attempts to various ports

Network Indicators:

  • Spike in outbound connections from SparkShop server
  • Requests to cloud metadata endpoints (169.254.169.254)

SIEM Query (Splunk-style SPL; adjust the source and field names to your log schema, and tune the distinct-port threshold):

source="sparkshop" AND (dst_ip="10.0.0.0/8" OR dst_ip="172.16.0.0/12" OR dst_ip="192.168.0.0/16" OR dst_ip="169.254.0.0/16")
| stats count, dc(dst_port) AS distinct_ports BY src_ip, dst_ip
| where distinct_ports > 10 OR dst_ip="169.254.169.254"

🔗 References
