3 matches found
CVE-2025-8267
Versions of the package ssrfcheck before 1.2.0 are vulnerable to Server-Side Request Forgery SSRF due to an incomplete denylist of IP address ranges. Specifically, the package fails to classify the reserved IP address space 224.0.0.0/4 Multicast as invalid. This oversight allows attackers to craf...
CVE-2025-8267
Versions of the package ssrfcheck before 1.2.0 are vulnerable to Server-Side Request Forgery SSRF due to an incomplete denylist of IP address ranges. Specifically, the package fails to classify the reserved IP address space 224.0.0.0/4 Multicast as invalid. This oversight allows attackers to craf...
CVE-2025-8267
CVE-2025-8267 affects the Python/JS package ssrfcheck prior to 1.2.0, with an incomplete IP denylist failing to classify 224.0.0.0/4 (Multicast) as invalid. This enables SSRF against multicast addresses via crafted requests. Public references from Red Hat, HTC OSV, GHSA, NVD, and PT-2025-31048 co...