2 matches found
CVE-2022-39239 nefly-ipx subject to Server-Side Request Forgery and Stored Cross-Site Scripting via Cache Poisoning and Improper Host Validation
netlify-ipx is an on-Demand image optimization for Netlify using ipx. In versions prior to 1.2.3, an attacker can bypass the source image domain allowlist by sending specially crafted headers, causing the handler to load and return arbitrary images. Because the response is cached globally, this...
PT-2022-24833 · Netlify · Netlify-Ipx
Name of the Vulnerable Software and Affected Versions: netlify-ipx versions prior to 1.2.3 Description: The issue allows an attacker to bypass the source image domain allowlist by sending specially crafted headers, causing the handler to load and return arbitrary images. Because the response is...