2 matches found
MAL-2026-6591 Malicious code in ledgerflow-deploy-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5f0097d19be676ac30ff79dffcff38f128873c80115a8a150c3eceff0422aa93 On npm install, the package's postinstall script queries the AWS instance metadata service IMDSv1 at 169.254.169.254 for the attached IAM role and...
New Relic: Blind SSRF on synthetics.newrelic.com
Introduction It was possible to retrieve some data from the http://169.254.169.254/latest/ URL corresponding to the amazon instance metadatas. With more time, we can dump the whole content. PoC When creating a Ping Monitor on the https://synthetics.newrelic.com/accounts/XXXXXXX/synthetics URL, it...