Lucene search
K

11 matches found

NVD
NVD
added 2026/06/24 8:16 p.m.5 views

CVE-2026-47389

Mastodon is a free, open-source social network server based on ActivityPub. Prior to 4.5.10, 4.4.17, and 4.3.23, when using Ruby versions older than 3.4, PrivateAddressCheck.privateaddress? returns false for IPv4-mapped IPv6 addresses ::ffff:a.b.c.d corresponding to some private IPv4 addresses,...

8.6CVSS0.00232EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/24 7:41 p.m.21 views

CVE-2026-47389 Mastodon: SSRF protection bypass on older Ruby versions

Mastodon is a free, open-source social network server based on ActivityPub. Prior to 4.5.10, 4.4.17, and 4.3.23, when using Ruby versions older than 3.4, PrivateAddressCheck.privateaddress? returns false for IPv4-mapped IPv6 addresses ::ffff:a.b.c.d corresponding to some private IPv4 addresses,...

8.6CVSS0.00232EPSS
Exploits0References1
Anthropic
Anthropic
added 2026/03/30 11:19 p.m.58 views

ANT-2026-6DSMTXZ8 · mastodon · SSRF

ssrf high GHSA-crr4-7rm4-8gpw Severity Claude high · Security research firm high · Maintainer unknown Discovered by Claude Mythos Preview REPORT Anthropic's analysis, sealed at approval. Disclosure to the maintainer was performed by Doyensec. ANT-2026-6DSMTXZ8: SSRF Bypass via IPv6 Unspecified...

5.9AI score
Exploits0
Vulnrichment
Vulnrichment
added 2026/03/27 7:21 p.m.2 views

CVE-2026-31943 LibreChat has SSRF protection bypass via IPv4-mapped IPv6 normalization in isPrivateIP

LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.3, isPrivateIP in packages/api/src/auth/domain.ts fails to detect IPv4-mapped IPv6 addresses in their hex-normalized form, allowing any authenticated user to bypass SSRF protection and make the server issue HTTP requests ...

8.5CVSS5.9AI score0.00213EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:17 p.m.5 views

CVE-2026-32019

OpenClaw versions prior to 2026.2.22 contain incomplete IPv4 special-use range validation in the isPrivateIpv4 function, allowing requests to RFC-reserved ranges to bypass SSRF policy checks. Attackers with network reachability to special-use IPv4 ranges can exploit webfetch functionality to acce...

7.4CVSS5.8AI score0.00206EPSS
Exploits0References1
OSV
OSV
added 2018/07/31 6:13 p.m.18 views

GHSA-2XVJ-J3QH-X8C3 private_address_check contains race condition

The privateaddresscheck ruby gem before 0.5.0 is vulnerable to a time-of-check time-of-use TOCTOU race condition due to the address the socket uses not being checked. DNS entries with a TTL of 0 can trigger this case where the initial resolution is a public address but the subsequent resolution i...

4.3CVSS3.8AI score0.00691EPSS
Exploits0References5
CNVD
CNVD
added 2018/06/19 12:0 a.m.4 views

private_address_check ruby gem competition condition vulnerability

privateaddresscheck ruby gem is a Ruby-based checking tool for server-side request forgery attacks. A contention condition vulnerability exists in the privateaddresscheck ruby gem that stems from the program failing to detect the address used by a socket. No detailed vulnerability details are...

4.3CVSS4.7AI score0.00691EPSS
Exploits0References1
CNVD
CNVD
added 2017/11/22 12:0 a.m.5 views

private_address_check ruby gem server-side request forgery vulnerability

privateaddresscheck ruby gem is a Ruby-based checking tool for server-side request forgery attacks. A server-side request forgery vulnerability exists in versions of the privateaddresscheck ruby gem prior to 0.4.1. An attacker can exploit this vulnerability to bypass blacklists and perform...

9.8CVSS6.9AI score0.02032EPSS
Exploits0References1
CNVD
CNVD
added 2017/11/17 12:0 a.m.35 views

private_address_check ruby gem security restriction bypass vulnerability

privateaddresscheck ruby gem is a Ruby-based checking tool for server-side request forgery attacks. A security restriction bypass vulnerability exists in the privateaddresscheck ruby gem prior to version 0.4.0, which stems from the program's use of Ruby's Resolv.getaddresses method. An attacker...

8.1CVSS6.8AI score0.02415EPSS
Exploits0References1
NVD
NVD
added 2017/11/16 10:29 p.m.23 views

CVE-2017-0909

The privateaddresscheck ruby gem before 0.4.1 is vulnerable to a bypass due to an incomplete blacklist of common private/local network addresses used to prevent server-side request forgery...

9.8CVSS9.5AI score0.02032EPSS
Exploits0References2
OSV
OSV
added 2017/11/16 10:29 p.m.22 views

CVE-2017-0909

The privateaddresscheck ruby gem before 0.4.1 is vulnerable to a bypass due to an incomplete blacklist of common private/local network addresses used to prevent server-side request forgery...

9.8CVSS7.1AI score
Exploits0References2
Rows per page
Query Builder