Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistHackeroneCVELIST:CVE-2017-0904
HistoryNov 05, 2017 - 12:00 a.m.

CVE-2017-0904

2017-11-0500:00:00
CWE-242
hackerone
www.cve.org

8.1 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.8%

JSON

The private_address_check ruby gem before 0.4.0 is vulnerable to a bypass due to use of Ruby’s Resolv.getaddresses method, which is OS-dependent and should not be relied upon for security measures, such as when used to blacklist private network addresses to prevent server-side request forgery.

CNA Affected

[
  {
    "product": "private_address_check ruby gem",
    "vendor": "jtdowney",
    "versions": [
      {
        "status": "affected",
        "version": "Versions before 0.4.0"
      }
    ]
  }
]

Related

cve 1
hackerone 1
prion 1
osv 2
github 1
veracode 1
nvd 1
cve
cve
CVE-2017-0904
2017-11-13 17:29:00
hackerone
hackerone
HackerOne: Blind SSRF in "Integrations" by abusing a bug in Ruby's native resolver.
2017-11-03 23:32:34
prion
prion
Server side request forgery (ssrf)
2017-11-13 17:29:00
osv
osv
CVE-2017-0904
2017-11-13 17:29:00
private_address_check vulnerable to bypass of Resolv.getaddresses method
2017-11-29 23:21:05
github
github
private_address_check vulnerable to bypass of Resolv.getaddresses method
2017-11-29 23:21:05
veracode
veracode
Server-Side Request Forgery (SSRF)
2017-11-14 08:11:23
nvd
nvd
CVE-2017-0904
2017-11-13 17:29:00

8.1 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.8%

JSON
Related for CVELIST:CVE-2017-0904
cve1hackerone1prion1osv2github1veracode1nvd1