Количество 2
Количество 2
CVE-2025-1211
Versions of the package hackney before 1.21.0 are vulnerable to Server-side Request Forgery (SSRF) due to improper parsing of URLs by URI built-in module and hackey. Given the URL http://127.0.0.1?@127.2.2.2/, the URI function will parse and see the host as 127.0.0.1 (which is correct), and hackney will refer the host as 127.2.2.2/. This vulnerability can be exploited when users rely on the URL function for host checking.
GHSA-vq52-99r9-h5pw
Server-side Request Forgery (SSRF) in hackney
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-1211 Versions of the package hackney before 1.21.0 are vulnerable to Server-side Request Forgery (SSRF) due to improper parsing of URLs by URI built-in module and hackey. Given the URL http://127.0.0.1?@127.2.2.2/, the URI function will parse and see the host as 127.0.0.1 (which is correct), and hackney will refer the host as 127.2.2.2/. This vulnerability can be exploited when users rely on the URL function for host checking. | CVSS3: 6.5 | 0% Низкий | 12 месяцев назад |
| GHSA-vq52-99r9-h5pw Server-side Request Forgery (SSRF) in hackney | CVSS3: 6.5 | 0% Низкий | 12 месяцев назад |
Уязвимостей на страницу