Описание
imgproxy is vulnerable to Server-Side Request Forgery
imgproxy prior to version 3.15.0 is vulnerable to Server-Side Request Forgery (SSRF) due to a lack of sanitization of the imageURL parameter.
Ссылки
Пакеты
Наименование
github.com/imgproxy/imgproxy/v3
go
Затронутые версииВерсия исправления
< 3.15.0
3.15.0
Связанные уязвимости
CVSS3: 5.3
nvd
почти 3 года назад
imgproxy <=3.14.0 is vulnerable to Server-Side Request Forgery (SSRF) due to a lack of sanitization of the imageURL parameter.