27 matches found
GHSA-H9CW-7G8J-H66H Server-Side Request Forgery in link-preview-js
The package link-preview-js before 2.1.17 are vulnerable to Server-side Request Forgery SSRF which allows attackers to send arbitrary requests to the local network and read the response. This is due to flawed DNS rebinding protection...
CVE-2022-25876
The package link-preview-js before 2.1.16 are vulnerable to Server-side Request Forgery SSRF which allows attackers to send arbitrary requests to the local network and read the response. This is due to flawed DNS rebinding protection...
CVE-2022-25876 Server-side Request Forgery (SSRF)
The package link-preview-js before 2.1.16 are vulnerable to Server-side Request Forgery SSRF which allows attackers to send arbitrary requests to the local network and read the response. This is due to flawed DNS rebinding protection...
CVE-2022-25876
CVE-2022-25876 affects the npm package link-preview-js prior to version 2.1.16. The vulnerability is Server-side Request Forgery (SSRF) caused by flawed DNS rebinding protection, allowing an attacker to make arbitrary requests from the vulnerable host to the local network and read responses. Affe...
OPENSUSE-SU-2022:0079-1 Security update for minidlna
This update for minidlna fixes the following issues: minidlna was updated to version 1.3.1 boo1196814 - Fixed a potential crash in SSDP request parsing. - Fixed a configure script failure on some platforms. - Protect against DNS rebinding attacks. CVE-2022-26505 - Fix an socket leakage issue on...
[slackware-security] bind
New bind packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/bind-9.11.18-i586-1slack14.2.txz: Upgraded. This update fixes a security issue: DNS rebinding protection was ineffective wh...
CVE-2019-5464
A flawed DNS rebinding protection issue was discovered in GitLab CE/EE 10.2 and later in the urlblocker.rb which could result in SSRF where the library is utilized...