CVE-2022-31132 – Nextcloud Mail is an email application for the nextcloud personal cloud product. Affected …

Vuln ID: CVE-2022-31132

Published:  2022-08-04  17:15:08Z

Description: Nextcloud Mail is an email application for the nextcloud personal cloud product. Affected versions shipped with a CSS minifier on the path `./vendor/cerdic/css-tidy/css_optimiser.php`. Access to the minifier is unrestricted and access may lead to Server-Side Request Forgery (SSRF). It is recommendet to upgrade to Mail 1.12.7 or Mail 1.13.6. Users unable to upgrade may manually delete the file located at `./vendor/cerdic/css-tidy/css_optimiser.php`

Source: NVD.NIST.GOV