11 matches found
CVE-2020-36851
Rob--W cors-anywhere instances configured as an open proxy allow unauthenticated external users to induce the server to make HTTP requests to arbitrary targets SSRF. Because the proxy forwards requests and headers, an attacker can reach internal-only endpoints and link-local metadata services,...
Server-side Request Forgery (SSRF)
Overview cors-anywhere is a CORS Anywhere is a reverse proxy which adds CORS headers to the proxied request. Request URL is taken from the path Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the proxy process. An attacker can access internal-only endpoint...
@extplug/cors-proxy (>=1.0.0 <=1.0.1), @ir-engine/server-core (=1.6.0) +34 more potentially affected by CVE-2020-36851 via cors-anywhere (>=0.2.5 <=0.4.4)
cors-anywhere NPM version =0.2.5, =1.0.0, =0.0.7, =0.1.0, =0.13.0, =0.0.19, =0.5.0, =0.5.0, =1.0.0, =1.2.0, =1.1.0, =4.0.0, =5.0.0 and more Source cves: CVE-2020-36851 Source advisory: SNYK:JS-CORSANYWHERE-13109647...
@extplug/cors-proxy (>=1.0.0 <=1.0.1), @ir-engine/server-core (=1.6.0) +34 more potentially affected by CVE-2020-36851 via cors-anywhere (>=0.2.5 <=0.4.4)
cors-anywhere NPM version =0.2.5, =1.0.0, =0.0.7, =0.1.0, =0.13.0, =0.0.19, =0.5.0, =0.5.0, =1.0.0, =1.2.0, =1.1.0, =4.0.0, =5.0.0 and more Source cves: CVE-2020-36851 Source advisory: OSV:GHSA-R3JV-XFGX-GJ24...
GHSA-R3JV-XFGX-GJ24 cors-anywhere vulnerable to server-side request forgery
Rob -- W / cors-anywhere instances configured as an open proxy allow unauthenticated external users to induce the server to make HTTP requests to arbitrary targets SSRF. Because the proxy forwards requests and headers, an attacker can reach internal-only endpoints and link-local metadata services...
CVE-2020-36851
Rob--W cors-anywhere instances configured as an open proxy allow unauthenticated external users to induce the server to make HTTP requests to arbitrary targets SSRF. Because the proxy forwards requests and headers, an attacker can reach internal-only endpoints and link-local metadata services,...
CVE-2020-36851 Rob--W cors-anywhere Misconfigured CORS Proxy Allows SSRF
Rob--W cors-anywhere instances configured as an open proxy allow unauthenticated external users to induce the server to make HTTP requests to arbitrary targets SSRF. Because the proxy forwards requests and headers, an attacker can reach internal-only endpoints and link-local metadata services,...
CVE-2020-36851
Rob--W cors-anywhere instances configured as an open proxy allow unauthenticated external users to induce the server to make HTTP requests to arbitrary targets SSRF. Because the proxy forwards requests and headers, an attacker can reach internal-only endpoints and link-local metadata services,...
CVE-2020-36851 Rob--W cors-anywhere Misconfigured CORS Proxy Allows SSRF
Rob--W cors-anywhere instances configured as an open proxy allow unauthenticated external users to induce the server to make HTTP requests to arbitrary targets SSRF. Because the proxy forwards requests and headers, an attacker can reach internal-only endpoints and link-local metadata services,...
PT-2025-39389
Name of the Vulnerable Software and Affected Versions cors-anywhere affected versions not specified Description Instances of cors-anywhere configured as an open proxy permit unauthenticated external users to initiate HTTP requests to arbitrary targets, leading to Server-Side Request Forgery SSRF...
cors-anywhere 安全漏洞
cors-anywhere is a NodeJS reverse proxy by Rob Wu, a personal developer. A security vulnerability exists in cors-anywhere that stems from allowing an unauthenticated external user when configured as an open proxy to trick the server into making HTTP requests to arbitrary targets, which could lead...