CVE-2023-27163

Опубликовано: 31 мар. 2023

Источник: nvd

CVSS3: 6.5

EPSS Критический

Описание

request-baskets up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/baskets/{name}. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request.

Ссылки

http://packetstormsecurity.com/files/174128/Request-Baskets-1.2.1-Server-Side-Request-Forgery.html
http://packetstormsecurity.com/files/174129/Maltrail-0.53-Remote-Code-Execution.html
http://request-baskets.com
Broken Link
Product
https://gist.github.com/b33t1e/3079c10c88cad379fb166c389ce3b7b3
Exploit
Third Party Advisory
https://github.com/darklynx/request-baskets
Product
https://notes.sjtu.edu.cn/s/MUUhEymt7
Exploit
Third Party Advisory
http://packetstormsecurity.com/files/174128/Request-Baskets-1.2.1-Server-Side-Request-Forgery.html
http://packetstormsecurity.com/files/174129/Maltrail-0.53-Remote-Code-Execution.html
http://request-baskets.com
Broken Link
Product
https://gist.github.com/b33t1e/3079c10c88cad379fb166c389ce3b7b3
Exploit
Third Party Advisory
https://github.com/darklynx/request-baskets
Product
https://notes.sjtu.edu.cn/s/MUUhEymt7
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:rbaskets:request_baskets:*:*:*:*:*:*:*:*

Версия до 1.2.1 (включая)

EPSS

Процентиль: 100%

0.93045

Критический

6.5 Medium

CVSS3

Дефекты

CWE-918

Связанные уязвимости

GHSA-58g2-vgpg-335q

CVSS3: 6.5

github

почти 3 года назад

request-baskets vulnerable to Server-Side Request Forgery

BDU:2023-05313

CVSS3: 6.5

fstec

почти 3 года назад

Уязвимость интерфейса веб-сервиса сбора и проверки HTTP-запросов Request Baskets, позволяющая нарушителю осуществить SSRF-атаку

EPSS

Процентиль: 100%

0.93045

Критический

6.5 Medium

CVSS3

Дефекты

CWE-918