The private_address_check Ruby gem is vulnerable to a bypass due to an incomplete blacklist of common private/local network addresses, the list it uses to prevent server-side request forgery (SSRF).
Reporter | Title | Published | Family |
---|---|---|---|
CVE | CVE-2017-0909 | 16 Nov 2017 22:29 | cve |
Github Security Blog | private_address_check contains Incomplete List of Disallowed Inputs | 30 Nov 2017 23:14 | github |
RubySec | private_address_check Ruby Gem Blacklist Bypass privilege escalation | 8 Nov 2017 21:00 | rubygems |
OSV | private_address_check contains Incomplete List of Disallowed Inputs | 30 Nov 2017 23:14 | osv |
OSV | CVE-2017-0909 | 16 Nov 2017 22:29 | osv |
Prion | Server side request forgery (SSRF) | 16 Nov 2017 22:29 | prion |
Veracode | Server Side Request Forgery (SSRF) | 17 Nov 2017 00:59 | veracode |
NVD | CVE-2017-0909 | 16 Nov 2017 22:29 | nvd |
Hacker One | HackerOne: Additional bypass allows SSRF for internal netblocks | 9 Nov 2017 20:38 | hackerone |
```json
[
  {
    "product": "private_address_check ruby gem",
    "vendor": "HackerOne",
    "versions": [
      {
        "status": "affected",
        "version": "Versions before 0.4.1"
      }
    ]
  }
]
```
Source | Link |
---|---|
hackerone | www.hackerone.com/reports/288950 |
github | www.github.com/jtdowney/private_address_check/pull/3 |