Description
Versions of the package ssrfcheck before 1.2.0 are vulnerable to Server-Side Request Forgery (SSRF) due to an incomplete denylist of IP address ranges. Specifically, the package fails to classify the reserved IP address space 224.0.0.0/4 (Multicast) as invalid. This oversight allows attackers to craft requests targeting these multicast addresses.
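An added illustration (not ssrfcheck's own code) of the class of defect described above: an IPv4 denylist check that, like the pre-1.2.0 behaviour, omits 224.0.0.0/4, beside the corrected list that includes it. The range lists are constructed for this example and are not the package's actual denylist.

```javascript
// Parse a dotted-quad IPv4 string into an unsigned 32-bit integer; null if malformed.
function ipv4ToInt(ip) {
  const parts = ip.split('.');
  if (parts.length !== 4) return null;
  let n = 0;
  for (const p of parts) {
    if (!/^\d{1,3}$/.test(p)) return null;
    const v = Number(p);
    if (v > 255) return null;
    n = n * 256 + v;
  }
  return n;
}

// True when ipInt falls inside the CIDR block (e.g. '224.0.0.0/4').
function inCidr(ipInt, cidr) {
  const [base, bitsStr] = cidr.split('/');
  const bits = Number(bitsStr);
  if (bits === 0) return true; // avoid JS shift-by-32 wraparound
  const mask = (0xFFFFFFFF << (32 - bits)) >>> 0;
  return ((ipInt & mask) >>> 0) === ((ipv4ToInt(base) & mask) >>> 0);
}

// Constructed denylist that mirrors the advisory's gap: no multicast range.
const RESERVED_WITHOUT_MULTICAST = [
  '0.0.0.0/8', '10.0.0.0/8', '100.64.0.0/10', '127.0.0.0/8',
  '169.254.0.0/16', '172.16.0.0/12', '192.168.0.0/16', '240.0.0.0/4',
];
// Corrected list: 224.0.0.0/4 (multicast) is now classified as reserved.
const RESERVED_FIXED = [...RESERVED_WITHOUT_MULTICAST, '224.0.0.0/4'];

// Returns true only for well-formed addresses outside every denylisted range.
// Malformed input fails closed rather than being passed through.
function isAllowedTarget(ip, denylist = RESERVED_FIXED) {
  const n = ipv4ToInt(ip);
  if (n === null) return false;
  return !denylist.some((cidr) => inCidr(n, cidr));
}
```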
References
- Exploit, Third Party Advisory
- Patch
- Issue Tracking
- Exploit, Third Party Advisory
Vulnerable configurations
Configuration 1: versions before 1.2.0 (exclusive)
cpe:2.3:a:felipperegazio:ssrf_check:*:*:*:*:*:*:*:*
EPSS: 0.00034 (percentile 8%, Low)
CVSS3: 8.2 High
CVSS3: 5.3 Medium
Weaknesses: CWE-918
Related vulnerabilities
- github, 27 days ago: ssrfcheck has Incomplete IP Address Deny List that leads to Server-Side Request Forgery Vulnerability
  EPSS: 0.00034 (percentile 8%, Low)
  CVSS3: 8.2 High
  CVSS3: 5.3 Medium
  Weaknesses: CWE-918