Количество 2
Количество 2
CVE-2025-8267
Versions of the package ssrfcheck before 1.2.0 are vulnerable to Server-Side Request Forgery (SSRF) due to an incomplete denylist of IP address ranges. Specifically, the package fails to classify the reserved IP address space 224.0.0.0/4 (Multicast) as invalid. This oversight allows attackers to craft requests targeting these multicast addresses.
GHSA-c2fv-2fmj-9xrx
ssrfcheck has Incomplete IP Address Deny List that leads to Server-Side Request Forgery Vulnerability
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-8267 Versions of the package ssrfcheck before 1.2.0 are vulnerable to Server-Side Request Forgery (SSRF) due to an incomplete denylist of IP address ranges. Specifically, the package fails to classify the reserved IP address space 224.0.0.0/4 (Multicast) as invalid. This oversight allows attackers to craft requests targeting these multicast addresses. | CVSS3: 8.2 | 0% Низкий | 28 дней назад |
| GHSA-c2fv-2fmj-9xrx ssrfcheck has Incomplete IP Address Deny List that leads to Server-Side Request Forgery Vulnerability | CVSS3: 8.2 | 0% Низкий | 28 дней назад |
Уязвимостей на страницу