4 matches found
CVE-2026-45568 zrok Python ProxyShare can be used as an SSRF proxy through absolute URL paths
zrok is software for sharing web services, files, and network resources. Prior to 2.0.3, zrok's Python SDK ProxyShare Flask proxy route accepts an absolute URL in the request path and passes it to urllib.parse.urljoin, allowing the requested path to replace the configured target host and causing...
CVE-2026-45568
CVE-2026-45568 affects zrok ProxyShare (Python SDK) where the Flask proxy route accepts an absolute URL in the path and passes it to urllib.parse.urljoin, allowing an attacker to replace the configured target host and cause requests to go to an attacker-chosen URL (SSRF). The issue is fixed in ve...
CVE-2026-45568 zrok Python ProxyShare can be used as an SSRF proxy through absolute URL paths
zrok is software for sharing web services, files, and network resources. Prior to 2.0.3, zrok's Python SDK ProxyShare Flask proxy route accepts an absolute URL in the request path and passes it to urllib.parse.urljoin, allowing the requested path to replace the configured target host and causing...
GHSA-JH67-HWQW-M5R7 rok Python ProxyShare can be used as an SSRF proxy through absolute URL paths
Summary Alice exposes a Python SDK ProxyShare with a fixed target URL. Bob sends a request to the share with an absolute URL in the path. The Flask handler passes that path to urllib.parse.urljoin, which replaces Alice's configured target host with Bob's host and returns the server-side response ...