exploitDog

CVE-2023-24622

Опубликовано: 30 янв. 2023

Источник: nvd

CVSS3: 5.3

EPSS Низкий

Описание

isInList in the safeurl-python package before 1.2 for Python has an insufficiently restrictive regular expression for external domains, leading to SSRF.

Ссылки

https://github.com/IncludeSecurity/safeurl-python/security/advisories/GHSA-jgh8-vchw-q3g7
Exploit
Third Party Advisory
https://github.com/IncludeSecurity/safeurl-python/security/advisories/GHSA-jgh8-vchw-q3g7
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:includesecurity:safeurl-python:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 44%

0.00221

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-918

CWE-918

Связанные уязвимости

GHSA-jgh8-vchw-q3g7

CVSS3: 5.3

github

около 3 лет назад

safeurl-python contains Server-Side Request Forgery

EPSS

Процентиль: 44%

0.00221

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-918

CWE-918