3 matches found
CVE-2020-36851
Rob--W cors-anywhere instances configured as an open proxy allow unauthenticated external users to induce the server to make HTTP requests to arbitrary targets SSRF. Because the proxy forwards requests and headers, an attacker can reach internal-only endpoints and link-local metadata services,...
CVE-2020-36851 Rob--W cors-anywhere Misconfigured CORS Proxy Allows SSRF
Rob--W cors-anywhere instances configured as an open proxy allow unauthenticated external users to induce the server to make HTTP requests to arbitrary targets SSRF. Because the proxy forwards requests and headers, an attacker can reach internal-only endpoints and link-local metadata services,...
PT-2025-39389
Name of the Vulnerable Software and Affected Versions cors-anywhere affected versions not specified Description Instances of cors-anywhere configured as an open proxy permit unauthenticated external users to initiate HTTP requests to arbitrary targets, leading to Server-Side Request Forgery SSRF...