Lucene search
MitreCVE-2023-24623HistoryJan 30, 2023 - 5:15 a.m.
CVE-2023-24623
2023-01-3005:15:10
CWE-918
mitre
web.nvd.nist.gov
119
cve-2023-24623
paranoidhttp
ssrf
nvd
security vulnerability
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
AI Score
7.4
Confidence
High
EPSS
0.001
Percentile
31.9%
Paranoidhttp before 0.3.0 allows SSRF because [::] is equivalent to the 127.0.0.1 address, but does not match the filter for private addresses.
Affected configurations
Node
paranoidhttp_projectparanoidhttpRange<0.3.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| paranoidhttp_project | paranoidhttp | * | cpe:2.3:a:paranoidhttp_project:paranoidhttp:*:*:*:*:*:*:*:* |
Related
nvd
nvd
CVE-2023-24623
2023-01-30 05:15:10
veracode
veracode
Server-Side Request Forgery (SSRF)
2023-02-01 05:10:23
osv
osv
Paranoidhttp Server-Side Request Forgery vulnerability
2023-01-30 06:30:27
CVE-2023-24623
2023-01-30 05:15:10
Server-side request forgery in github.com/hakobe/paranoidhttp
2023-02-14 16:19:07
github
github
Paranoidhttp Server-Side Request Forgery vulnerability
2023-01-30 06:30:27
cvelist
cvelist
CVE-2023-24623
2023-01-30 00:00:00
prion
prion
Design/Logic Flaw
2023-01-30 05:15:00
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
AI Score
7.4
Confidence
High
EPSS
0.001
Percentile
31.9%
Related for CVE-2023-24623