Lucene search
SnykCVELIST:CVE-2021-23718HistoryNov 22, 2021 - 12:00 a.m.
CVE-2021-23718 Server-side Request Forgery (SSRF)
2021-11-2200:00:00
snyk
www.cve.org
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P
0.002 Low
EPSS
Percentile
59.4%
The package ssrf-agent before 1.0.5 are vulnerable to Server-side Request Forgery (SSRF) via the defaultIpChecker function. It fails to properly validate if the IP requested is private.
CNA Affected
[
{
"product": "ssrf-agent",
"vendor": "n/a",
"versions": [
{
"lessThan": "1.0.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]Related
prion
prion
Server side request forgery (ssrf)
2021-11-22 17:15:00
osv
osv
Server-Side Request Forgery in ssrf-agent
2021-12-02 17:51:51
nvd
nvd
CVE-2021-23718
2021-11-22 17:15:08
cve
cve
CVE-2021-23718
2021-11-22 17:15:08
veracode
veracode
Server-Side Request Forgery (SSRF)
2021-11-23 03:15:05
github
github
Server-Side Request Forgery in ssrf-agent
2021-12-02 17:51:51
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P
0.002 Low
EPSS
Percentile
59.4%
Related for CVELIST:CVE-2021-23718