2 matches found
requests-hardened is Vulnerable to Server-Side Request Forgery
The SSRF protection in requests-hardened prior to version 1.2.1 fails to block IP addresses within the RFC 6598 Shared Address Space 100.64.0.0/10. An attacker who can supply arbitrary URLs to requests-hardened could exploit this gap to access internal services hosted within 100.64.0.0/10. This i...
Server Side Request Forgery (SSRF)
ssrfcheck is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to an incomplete denylist that fails to classify the reserved multicast IP range 224.0.0.0/4 as invalid, which allows an attacker to craft requests targeting these multicast addresses...