Количество 2
Количество 2
CVE-2025-66405
Portkey.ai Gateway is a blazing fast AI Gateway with integrated guardrails. Prior to 1.14.0, the gateway determined the destination baseURL by prioritizing the value in the x-portkey-custom-host request header. The proxy route then appends the client-specified path to perform an external fetch. This can be maliciously used by users for SSRF attacks. This vulnerability is fixed in 1.14.0.
GHSA-hhh5-2cvx-vmfp
Portkey.ai Gateway: Server-Side Request Forgery (SSRF) in Custom Host
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-66405 Portkey.ai Gateway is a blazing fast AI Gateway with integrated guardrails. Prior to 1.14.0, the gateway determined the destination baseURL by prioritizing the value in the x-portkey-custom-host request header. The proxy route then appends the client-specified path to perform an external fetch. This can be maliciously used by users for SSRF attacks. This vulnerability is fixed in 1.14.0. | CVSS3: 9.8 | 0% Низкий | 2 месяца назад |
| GHSA-hhh5-2cvx-vmfp Portkey.ai Gateway: Server-Side Request Forgery (SSRF) in Custom Host | 0% Низкий | 2 месяца назад |
Уязвимостей на страницу