3 matches found
GHSA-PVRJ-8CG3-J5F8 auth-fetch-mcp has SSRF Protection Bypass via IPv4-mapped IPv6 Loopback
SSRF Protection Bypass via IPv4-mapped IPv6 Loopback Summary auth-fetch-mcp v3.0.1 implements SSRF protection in assertSafeUrl src/security.ts to block requests to private and loopback addresses. However, the isPrivateV6 function fails to detect IPv4-mapped IPv6 loopback addresses in their...
CodeWhale 代码问题漏洞
CodeWhale is a terminal coding intelligence tool developed by Hunter Bown. Versions of CodeWhale prior to 0.8.26 contained code vulnerabilities. These vulnerabilities stemmed from SSRF attacks that redirected hostname resolution to private IPv6 addresses. However, when IPv6 was provided in URLs...
Server-side Request Forgery (SSRF)
Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Server-side Request Forgery SSRF through the validateurl function in the URL validation component. An attacker can bypass private-address checks by supplying a hostname that resolves to a private IPv6 address...