{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-46945", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-04-08T16:31:33.612Z", "dateReserved": "2023-10-30T00:00:00.000Z", "datePublished": "2026-04-08T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-08T16:31:33.612Z"}, "descriptions": [{"lang": "en", "value": "QD 20230821 is vulnerable to Server-side request forgery (SSRF) via a crafted request"}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://qd-today.github.io/qd/"}, {"url": "https://gist.github.com/kurokoleung/5b36b2013a54adadcce79967d3e4f056"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}}, "dataVersion": "5.2"}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "QD 20230821 is vulnerable to Server-side request forgery (SSRF) via a crafted request"}], "id": "CVE-2023-46945", "lastModified": "2026-04-08T21:26:13.410", "metrics": {}, "published": "2026-04-08T17:17:01.010", "references": [{"source": "cve@mitre.org", "url": "https://gist.github.com/kurokoleung/5b36b2013a54adadcce79967d3e4f056"}, {"source": "cve@mitre.org", "url": "https://qd-today.github.io/qd/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Awaiting Analysis"}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "qd", "vendor": "qd-today"}], "analysis": {"en": {"generated_at": "2026-04-08T19:22:22.830298+00:00", "value": {"mitigation_remediation": ["Verify whether a patch or update for QD 20230821 is available from the vendor or community and apply it immediately if so.", "Restrict the outbound network access from the affected host to only legitimate destinations to mitigate the SSRF attack surface.", "Ensure that any user\u2011controlled input used to build outbound requests is properly validated or filtered to prevent malicious URLs."], "summary": {"action": "Assess Impact", "impact": "Server\u2011Side Request Forgery"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the QD 20230821 build. No vendor or product family is specified, and no version range is provided. The advisory refers only to the specific QD 20230821 instance, making it the sole affected system identified in the data.", "description_and_impact": "QD 20230821 is vulnerable to Server\u2011Side Request Forgery via a crafted request. Based on the vulnerability type, a malicious client can supply a specially constructed request that the server unwittingly forwards as an outbound request to an arbitrary URL. The likely impact includes unauthorized access to internal services or exposure of internal data, as the attacker is able to direct the vulnerable server to reach resources it normally would not access.", "risk_and_exploitability": "The CVSS score is not disclosed and EPSS information is unavailable, so the exact risk level cannot be quantified. Based on typical SSRF behavior, the likely attack vector involves a user\u2011controlled request that forces the server to initiate outbound traffic. Because the flaw permits contacting arbitrary internal or external addresses, there is a moderate to high risk of data disclosure or service manipulation. The vulnerability is not listed in the CISA KEV catalog, and no official patch or workaround is provided; therefore, administrators should treat it as a significant risk if the service is exposed to untrusted users."}}}}, "created": "2026-04-08T19:44:38.280232+00:00", "title": "Server\u2011Side Request Forgery in QD 20230821", "updated": "2026-04-09T08:22:50.348879+00:00", "vendors": ["qd-today", "qd-today$PRODUCT$qd"], "weaknesses": ["CWE-918"]}