{
  "affected": [
    {
      "database_specific": {
        "unresolved_ranges": [
          {
            "events": [
              {
                "introduced": "0"
              },
              {
                "last_affected": "1.9.0"
              }
            ]
          }
        ]
      },
      "ranges": [
        {
          "database_specific": {
            "versions": [
              {
                "introduced": "0"
              },
              {
                "last_affected": "1.3.0"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "1.3.1"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "1.3.2"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "1.3.3"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "1.3.4"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "1.3.5"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "1.3.6"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "1.3.7"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "1.3.8"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "1.3.9"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "1.3.10"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "1.4.0"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "1.4.0-m1"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "1.4.0-m2"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "1.4.1"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "1.5.0"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "1.5.0-m1"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "1.5.0-m3"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "1.6.0"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "1.6.0-m1"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "1.6.0-m4"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "1.6.1"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "1.7.0"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "1.8.0"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "1.8.0-m1"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "1.8.1"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "1.8.2"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "1.8.3"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "1.8.4"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "1.8.5"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "1.9.0-m1"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "1.9.0-m2"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "1.9.1"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "1.9.2"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "1.9.3"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "1.9.4"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "1.9.5"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "1.9.6"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "1.9.7"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "1.9.8"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "1.9.9"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "1.9.10"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "1.9.11"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "2.0.0"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "2.0.1"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "2.0.2"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "2.0.3"
              }
            ]
          },
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "90003c7a83c711e2fb614ee5606852138ea1aa24"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "59177f8bce837e3bd9a12b5a0145ce64d04d388e"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "dba3422777a96b6349f87d3936f2e05e93774a7d"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "68e8732054399829d202f76dd8b82b0b543a1bbe"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "18603e87f614061fcc39200ea44545302a5553cd"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "1d86fda7f1843fda182fa15c2703a1df150e41dd"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "98f1d8572f4005f37c24b5d21cd58f86b168283c"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "cd2b6f395cee4cd22b482764fea9d4b38343c521"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "76d5f5b4827eaedf9e8e5dcb69e800607c6e615d"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "22a6fc3dc40506532681b9663bba21d67c7a4a2d"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "ba0852f9abd29ec931c10c0b3404d2db91ecd4ac"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "b0b7147fbfb4471975b6efc63e1f4ca1c6af9d3a"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "f190cbba70a6f58d03666e78c29d33493a0afb52"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "0fae1d589d62260f893c3c2c0f8818d3229d2fcc"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "50f8ab0778f5e9afc821d524c7fad3984d20dfc9"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "ec84b1697760a3e801fd4ba4b31dd7f05592a9b9"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "cd8b3674bdc095a05ceb466707bc528b8ffc5fd9"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "4d61f52b293bfac278b30c3b5448595ed7a20b8f"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "f3c1571d97011c166e9fa0587b6ac70ca8510d39"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "657fc3a7029c9042fd8efb48f4e5a2fca4723275"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "a01121da9face7147b4b976a714d6b308720e841"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "71bedd3bb9ab1aa7b1b8314a4a1a625aa0c55350"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "280731d926e432925173243f0641b9c738b753e1"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "fc321f9c51fad856e02a6937a089c8e1e683fadc"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "be2ae983a29ea7d6151ec4c0b8b92eab2d716a1b"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "f10243f2bdaddeb79ac3f6d39a4631068e9aa122"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "49e62191bc5fb056cd4d5f85bac20388362c3dc5"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "a996eca2a347a70ed05586bd4a41e99ba4d5cdd5"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "9857dec428f24a30f53a53d24b92e6eaea128cda"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "01b7db00edbd32f297fe00f7b8e14ef99fc0e476"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "89b48fac5cd3f463aa745e1bf6a0687042557553"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "0d55d7b949f5e6028ed45f6747841cc0611ed68b"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "e96308f7b020d05dda2dc09fcd78536c354f7231"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "5b7dc7f934ec554f7b65e971bd3dbae4049614a5"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "bd0e2d35aa5579ccd497c23eb682ebc1f960e4b8"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "11fb661f88722df187bbda6ee8ac5f0022c3295f"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "06ec6b3b56229dfb5c7d5fe564857cd4a6a62e1e"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "6c4ecde10bfcf5db06fc4324c5f872d8bd303ad2"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "800ce484a663897efd4b2086b51dca1f0e75c5f4"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "b162f484aed53a1d79b98197ca5dde077ba689b4"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "7ba583b1632876f4e0cd423afa8981017cf8242c"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "b36a7cce0205302e9aeb4c1252998b309df47966"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "48407d2e131d2c5271f64e8a9a005956c3f6aaf1"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "94a70d436f4978ea5b0fc835fbdfc8dc4434125f"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "4644f123d97a3fc84c9f2bca82dc3763da35fcc1"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "d8a44e1273fa4c0923e3fa5c9a01654ad33e3980"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "92b100999079d0e48497b67a8fb12f79fb712a5e"
            }
          ],
          "repo": "https://bitbucket.org/atlassian/atlassian-oauth",
          "type": "GIT"
        }
      ]
    }
  ],
  "details": "The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery (SSRF).",
  "id": "CVE-2017-9506",
  "modified": "2026-03-15T21:47:45.037724329Z",
  "published": "2017-08-23T19:29:00.197Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://medium.com/bugbountywriteup/piercing-the-veil-server-side-request-forgery-to-niprnet-access-171018bca2c3"
    },
    {
      "type": "REPORT",
      "url": "https://ecosystem.atlassian.net/browse/OAUTH-344"
    },
    {
      "type": "EVIDENCE",
      "url": "https://twitter.com/ankit_anubhav/status/973566620676382721"
    },
    {
      "type": "EVIDENCE",
      "url": "http://dontpanic.42.nl/2017/12/there-is-proxy-in-your-atlassian.html"
    },
    {
      "type": "EVIDENCE",
      "url": "https://twitter.com/Zer0Security/status/983529439433777152"
    }
  ],
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}