OSV:GHSA-5HJH-C26M-XW8W
May 03, 2022 - 12:00 a.m.

ProxyScotch is vulnerable to Server-Side Request Forgery (SSRF)

2022-05-03 00:00:44
Google
osv.dev
proxyscotch
ssrf
vulnerability
interceptor mode
hoppscotch.io
github.com/hoppscotch/proxyscotch
sensitive information
server-side request forgery
software

EPSS: 0.001
Percentile: 51.0%

ProxyScotch is a simple proxy server created for hoppscotch.io. Versions of the package github.com/hoppscotch/proxyscotch before 1.0.0 are vulnerable to Server-Side Request Forgery (SSRF) when interceptor mode is set to proxy. SSRF occurs when a backend server makes an HTTP request to an untrusted URL submitted by a user. It leads to leakage of sensitive information from the server.
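One common mitigation for a proxy that fetches user-submitted URLs is to vet the destination at dial time, after DNS resolution, so hostnames and redirects that resolve to internal addresses are refused. The Go sketch below is an added example, not ProxyScotch's own code or its actual fix; `isPublicIP`, `dialControl` and `newGuardedClient` are hypothetical names, and the addresses in `main` are constructed samples.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"net/http"
	"syscall"
	"time"
)

// errBlockedDestination marks a dial refused by the destination policy.
var errBlockedDestination = errors.New("destination address is not allowed")

// isPublicIP reports whether ip is outside the loopback, private (RFC 1918 /
// unique-local), link-local, unspecified and multicast ranges.
func isPublicIP(ip net.IP) bool {
	return !(ip.IsLoopback() || ip.IsPrivate() || ip.IsUnspecified() ||
		ip.IsLinkLocalUnicast() || ip.IsLinkLocalMulticast() || ip.IsMulticast())
}

// dialControl is called by net.Dialer after name resolution and before the
// socket connects, so address is always the literal IP:port being contacted.
// Checking here also covers redirects, since each hop dials again.
func dialControl(network, address string, _ syscall.RawConn) error {
	host, _, err := net.SplitHostPort(address)
	if err != nil {
		return err
	}
	ip := net.ParseIP(host) // nil for anything that is not a plain IP literal
	if ip == nil || !isPublicIP(ip) {
		return fmt.Errorf("%w: %s", errBlockedDestination, address)
	}
	return nil
}

// newGuardedClient returns the client a proxy handler would use for outbound
// requests. No upstream HTTP proxy is configured, so every dial goes to the
// real destination and passes through dialControl.
func newGuardedClient() *http.Client {
	dialer := &net.Dialer{Timeout: 5 * time.Second, Control: dialControl}
	return &http.Client{
		Timeout:   10 * time.Second,
		Transport: &http.Transport{DialContext: dialer.DialContext},
	}
}

func main() {
	// Constructed sample destinations: four internal, one public.
	for _, a := range []string{"127.0.0.1:8080", "169.254.169.254:80", "10.0.0.5:443", "[::1]:80", "93.184.216.34:443"} {
		fmt.Printf("%-20s -> %v\n", a, dialControl("tcp", a, nil))
	}
}
```

Validating only the URL string before the request is not equivalent, because the hostname can resolve to an internal address when the connection is actually made.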
