Lucene search
GoogleOSV:CVE-2021-23664HistoryJan 21, 2022 - 8:15 p.m.
CVE-2021-23664
2022-01-2120:15:08
Google
osv.dev
3
0.001 Low
EPSS
Percentile
50.6%
The package @isomorphic-git/cors-proxy before 2.7.1 are vulnerable to Server-side Request Forgery (SSRF) due to missing sanitization and validation of the redirection action in middleware.js.
| CPE | Name | Operator | Version |
|---|---|---|---|
| cors-proxy | eq | 0.0.1 | |
| cors-proxy | eq | 2.2.0 | |
| cors-proxy | eq | 2.3.0 | |
| cors-proxy | eq | 2.6.0 | |
| cors-proxy | eq | 2.2.2 | |
| cors-proxy | eq | 2.2.3 | |
| cors-proxy | eq | 2.0.0 | |
| cors-proxy | eq | 2.1.0 | |
| cors-proxy | eq | 2.0.1 | |
| cors-proxy | eq | 2.2.1 |
Related
veracode
veracode
Server-Side Request Forgery (SSRF)
2022-01-24 06:14:14
cvelist
cvelist
CVE-2021-23664 Server-side Request Forgery (SSRF)
2022-01-21 00:00:00
osv
osv
Server side request forgery in @isomorphic-git/cors-proxy
2022-01-26 22:13:05
prion
prion
Server side request forgery (ssrf)
2022-01-21 20:15:00
cve
cve
CVE-2021-23664
2022-01-21 20:15:08
github
github
Server side request forgery in @isomorphic-git/cors-proxy
2022-01-26 22:13:05
nvd
nvd
CVE-2021-23664
2022-01-21 20:15:08