GHSA-h9cw-7g8j-h66h

Опубликовано: 02 июл. 2022

Источник: github

Github: Прошло ревью

CVSS3: 5.5

Описание

Server-Side Request Forgery in link-preview-js

The package link-preview-js before 2.1.17 are vulnerable to Server-side Request Forgery (SSRF) which allows attackers to send arbitrary requests to the local network and read the response. This is due to flawed DNS rebinding protection.

Ссылки

Пакеты

Наименование

link-preview-js

npm

Затронутые версииВерсия исправления

< 2.1.17

2.1.17

EPSS

Процентиль: 23%

0.00074

Низкий

5.5 Medium

CVSS3

CVE ID

CVE-2022-25876

Дефекты

CWE-918

Связанные уязвимости

CVE-2022-25876

CVSS3: 6.2

nvd

больше 3 лет назад

The package link-preview-js before 2.1.16 are vulnerable to Server-side Request Forgery (SSRF) which allows attackers to send arbitrary requests to the local network and read the response. This is due to flawed DNS rebinding protection.

EPSS

Процентиль: 23%

0.00074

Низкий

5.5 Medium

CVSS3

CVE ID

CVE-2022-25876

Дефекты

CWE-918