3 matches found
CVE-2022-24825
Smokescreen is a simple HTTP proxy that fogs over naughty URLs. The primary use case for Smokescreen is to prevent server-side request forgery SSRF attacks in which external attackers leverage the behavior of applications to connect to or scan internal infrastructure. Smokescreen also offers an...
CVE-2022-24825 Smokescreen SSRF via deny list bypass
Smokescreen is a simple HTTP proxy that fogs over naughty URLs. The primary use case for Smokescreen is to prevent server-side request forgery SSRF attacks in which external attackers leverage the behavior of applications to connect to or scan internal infrastructure. Smokescreen also offers an...
CVE-2022-24825
Smokescreen SSRF bypass: The deny-list protection can be bypassed by appending a dot to the end of user-supplied URLs or by using different letter case. This affects the library github.com/stripe/smokescreen; remediation is to upgrade to version 0.0.3 or later. The issue enables bypassing SSRF de...