Lucene search

[email protected]CVE-2023-27163

HistoryMar 31, 2023 - 8:15 p.m.

CVE-2023-27163

2023-03-3120:15:07

CWE-918

[email protected]

web.nvd.nist.gov

3115

cve-2023-27163

request-baskets

ssrf

api security

network security

vulnerability

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

0.081 Low

EPSS

Percentile

94.4%

JSON

request-baskets up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/baskets/{name}. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request.

Affected configurations

NVD

Node

rbasketsrequest_basketsRange≤1.2.1

CPENameOperatorVersion
rbaskets:request_basketsrbaskets request basketsle1.2.1

CPE	Name	Operator	Version
rbaskets:request_baskets	rbaskets request baskets	le	1.2.1

References

packetstormsecurity.com/files/174128/Request-Baskets-1.2.1-Server-Side-Request-Forgery.html

packetstormsecurity.com/files/174129/Maltrail-0.53-Remote-Code-Execution.html

request-baskets.com

gist.github.com/b33t1e/3079c10c88cad379fb166c389ce3b7b3

github.com/darklynx/request-baskets

notes.sjtu.edu.cn/s/MUUhEymt7

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

0.081 Low

EPSS

Percentile

94.4%

JSON

Related for CVE-2023-27163

prion1 nvd1 githubexploit17 veracode1 cvelist1 zdt2 osv2 packetstorm2 github1 exploitdb1