Опубликовано: 23 мар. 2025
Источник: github
Github: Прошло ревью
CVSS4: 7.8
CVSS3: 8.2
Описание
nossrf Server-Side Request Forgery (SSRF)
Versions of the package nossrf before 1.0.4 are vulnerable to Server-Side Request Forgery (SSRF), where an attacker can provide a hostname that resolves to a local or reserved IP address space and bypass the SSRF protection mechanism.
Пакеты
Наименование
nossrf
npm
Затронутые версииВерсия исправления
< 1.0.4
1.0.4
Связанные уязвимости
CVSS3: 8.2
nvd
11 месяцев назад
Versions of the package nossrf before 1.0.4 are vulnerable to Server-Side Request Forgery (SSRF) where an attacker can provide a hostname that resolves to a local or reserved IP address space and bypass the SSRF protection mechanism.