Lucene search
K

11 matches found

RedhatCVE
RedhatCVE
added 2025/09/26 2:48 p.m.5 views

CVE-2020-36851

Rob--W cors-anywhere instances configured as an open proxy allow unauthenticated external users to induce the server to make HTTP requests to arbitrary targets SSRF. Because the proxy forwards requests and headers, an attacker can reach internal-only endpoints and link-local metadata services,...

9.5CVSS6.5AI score0.01005EPSS
Exploits0References1
Snyk
Snyk
added 2025/09/25 3:30 p.m.4 views

Server-side Request Forgery (SSRF)

Overview cors-anywhere is a CORS Anywhere is a reverse proxy which adds CORS headers to the proxied request. Request URL is taken from the path Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the proxy process. An attacker can access internal-only endpoint...

9.5CVSS7AI score0.01005EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2025/09/25 3:30 p.m.7 views

@extplug/cors-proxy (>=1.0.0 <=1.0.1), @ir-engine/server-core (=1.6.0) +34 more potentially affected by CVE-2020-36851 via cors-anywhere (>=0.2.5 <=0.4.4)

cors-anywhere NPM version =0.2.5, =1.0.0, =0.0.7, =0.1.0, =0.13.0, =0.0.19, =0.5.0, =0.5.0, =1.0.0, =1.2.0, =1.1.0, =4.0.0, =5.0.0 and more Source cves: CVE-2020-36851 Source advisory: SNYK:JS-CORSANYWHERE-13109647...

9.5CVSS5.8AI score0.01005EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/09/25 3:30 p.m.9 views

@extplug/cors-proxy (>=1.0.0 <=1.0.1), @ir-engine/server-core (=1.6.0) +34 more potentially affected by CVE-2020-36851 via cors-anywhere (>=0.2.5 <=0.4.4)

cors-anywhere NPM version =0.2.5, =1.0.0, =0.0.7, =0.1.0, =0.13.0, =0.0.19, =0.5.0, =0.5.0, =1.0.0, =1.2.0, =1.1.0, =4.0.0, =5.0.0 and more Source cves: CVE-2020-36851 Source advisory: OSV:GHSA-R3JV-XFGX-GJ24...

9.5CVSS5.8AI score0.01005EPSS
Exploits0
OSV
OSV
added 2025/09/25 3:30 p.m.4 views

GHSA-R3JV-XFGX-GJ24 cors-anywhere vulnerable to server-side request forgery

Rob -- W / cors-anywhere instances configured as an open proxy allow unauthenticated external users to induce the server to make HTTP requests to arbitrary targets SSRF. Because the proxy forwards requests and headers, an attacker can reach internal-only endpoints and link-local metadata services...

9.5CVSS6.6AI score0.01005EPSS
Exploits0References8
NVD
NVD
added 2025/09/25 3:16 p.m.5 views

CVE-2020-36851

Rob--W cors-anywhere instances configured as an open proxy allow unauthenticated external users to induce the server to make HTTP requests to arbitrary targets SSRF. Because the proxy forwards requests and headers, an attacker can reach internal-only endpoints and link-local metadata services,...

9.5CVSS0.01005EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2025/09/25 2:45 p.m.3 views

CVE-2020-36851 Rob--W cors-anywhere Misconfigured CORS Proxy Allows SSRF

Rob--W cors-anywhere instances configured as an open proxy allow unauthenticated external users to induce the server to make HTTP requests to arbitrary targets SSRF. Because the proxy forwards requests and headers, an attacker can reach internal-only endpoints and link-local metadata services,...

9.5CVSS6.5AI score0.01005EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2025/09/25 2:45 p.m.12 views

CVE-2020-36851

Rob--W cors-anywhere instances configured as an open proxy allow unauthenticated external users to induce the server to make HTTP requests to arbitrary targets SSRF. Because the proxy forwards requests and headers, an attacker can reach internal-only endpoints and link-local metadata services,...

9.5CVSS6.5AI score0.01005EPSS
Exploits0References7
Cvelist
Cvelist
added 2025/09/25 2:45 p.m.9 views

CVE-2020-36851 Rob--W cors-anywhere Misconfigured CORS Proxy Allows SSRF

Rob--W cors-anywhere instances configured as an open proxy allow unauthenticated external users to induce the server to make HTTP requests to arbitrary targets SSRF. Because the proxy forwards requests and headers, an attacker can reach internal-only endpoints and link-local metadata services,...

9.5CVSS0.01005EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/09/25 12:0 a.m.6 views

PT-2025-39389

Name of the Vulnerable Software and Affected Versions cors-anywhere affected versions not specified Description Instances of cors-anywhere configured as an open proxy permit unauthenticated external users to initiate HTTP requests to arbitrary targets, leading to Server-Side Request Forgery SSRF...

9.5CVSS6.3AI score0.01005EPSS
Exploits0References16
CNNVD
CNNVD
added 2025/09/25 12:0 a.m.4 views

cors-anywhere 安全漏洞

cors-anywhere is a NodeJS reverse proxy by Rob Wu, a personal developer. A security vulnerability exists in cors-anywhere that stems from allowing an unauthenticated external user when configured as an open proxy to trick the server into making HTTP requests to arbitrary targets, which could lead...

9.5CVSS6.7AI score0.01005EPSS
Exploits0References4
Rows per page
Query Builder