Vulnerability in Instructure Canvas Learning Management System (LMS)

CVE-2020-5775

Server-Side Request Forgery in Canvas LMS 2020-07-29 allows a remote, unauthenticated attacker to cause the Canvas application to perform HTTP GET requests to arbitrary domains.

EPSS: 0.658 (98.5th percentile)

Affected products

  • Vendor: n/a; product: Instructure Canvas Learning Management System (LMS); versions: Canvas LMS 2020-07-29

Frequently asked questions

What is CVE-2020-5775?
CVE-2020-5775 is a server-side request forgery vulnerability in Instructure Canvas Learning Management System (LMS). It was published on 2020-08-21.

Is CVE-2020-5775 known to be exploited?
4 public proof-of-concept repositories are indexed for it. It is not currently listed in the CISA KEV catalog.