15 matches found
EUVD-2025-0172
Malicious code in bioql PyPI...
CVE-2025-24354
imgproxy is server for resizing, processing, and converting images. Imgproxy does not block the 0.0.0.0 address, even with IMGPROXYALLOWLOOPBACKSOURCEADDRESSES set to false. This can expose services on the local host. This vulnerability is fixed in 3.27.2...
CVE-2023-30019
imgproxy =3.14.0 is vulnerable to Server-Side Request Forgery SSRF due to a lack of sanitization of the imageURL parameter...
Server-Side Request Forgery (SSRF)
github.com/imgproxy/imgproxy is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to improper restriction of loopback addresses, allowing access to local services by not blocking the 0.0.0.0 address even when IMGPROXYALLOWLOOPBACKSOURCEADDRESSES is set to false...
imgproxy is vulnerable to SSRF against 0.0.0.0
Summary Imgproxy does not block the 0.0.0.0 address, even with IMGPROXYALLOWLOOPBACKSOURCEADDRESSES set to false. This can expose services on the local host. Details imgproxy protects against SSRF against a loopback address with the following check source: if !config.AllowLoopbackSourceAddresses ...
GHSA-J2HP-6M75-V4J4 imgproxy is vulnerable to SSRF against 0.0.0.0
Summary Imgproxy does not block the 0.0.0.0 address, even with IMGPROXYALLOWLOOPBACKSOURCEADDRESSES set to false. This can expose services on the local host. Details imgproxy protects against SSRF against a loopback address with the following check source: if !config.AllowLoopbackSourceAddresses ...
CVE-2025-24354
imgproxy is server for resizing, processing, and converting images. Imgproxy does not block the 0.0.0.0 address, even with IMGPROXYALLOWLOOPBACKSOURCEADDRESSES set to false. This can expose services on the local host. This vulnerability is fixed in 3.27.2...
CVE-2025-24354 imgproxy is vulnerable to SSRF against 0.0.0.0
imgproxy is server for resizing, processing, and converting images. Imgproxy does not block the 0.0.0.0 address, even with IMGPROXYALLOWLOOPBACKSOURCEADDRESSES set to false. This can expose services on the local host. This vulnerability is fixed in 3.27.2...
CVE-2025-24354 imgproxy is vulnerable to SSRF against 0.0.0.0
imgproxy is server for resizing, processing, and converting images. Imgproxy does not block the 0.0.0.0 address, even with IMGPROXYALLOWLOOPBACKSOURCEADDRESSES set to false. This can expose services on the local host. This vulnerability is fixed in 3.27.2...
CVE-2025-24354
Imgproxy (CVE-2025-24354) is affected by a Server-Side Request Forgery (SSRF) due to not blocking the 0.0.0.0 address when IMGPROXY_ALLOW_LOOPBACK_SOURCE_ADDRESSES is false. This allows access to local-host services because 0.0.0.0 is not considered loopback by Go’s ip.IsLoopback() check. The iss...
PT-2025-5337 · Imgproxy +1 · Imgproxy +1
Name of the Vulnerable Software and Affected Versions: imgproxy versions prior to 3.27.2 Description: The issue concerns imgproxy, a server for resizing, processing, and converting images. It does not block the 0.0.0.0 address, even when IMGPROXY ALLOW LOOPBACK SOURCE ADDRESSES is set to false...
imgproxy is vulnerable to Server-Side Request Forgery
imgproxy prior to version 3.15.0 is vulnerable to Server-Side Request Forgery SSRF due to a lack of sanitization of the imageURL parameter...
CVE-2023-30019
imgproxy =3.14.0 is vulnerable to Server-Side Request Forgery SSRF due to a lack of sanitization of the imageURL parameter...
Server side request forgery (ssrf)
imgproxy =3.14.0 is vulnerable to Server-Side Request Forgery SSRF due to a lack of sanitization of the imageURL parameter...
CVE-2023-30019
imgproxy =3.14.0 is vulnerable to Server-Side Request Forgery SSRF due to a lack of sanitization of the imageURL parameter...