Lucene search
+L

4 matches found

Cvelist
Cvelist
added 3 days ago33 views

CVE-2026-45568 zrok Python ProxyShare can be used as an SSRF proxy through absolute URL paths

zrok is software for sharing web services, files, and network resources. Prior to 2.0.3, zrok's Python SDK ProxyShare Flask proxy route accepts an absolute URL in the request path and passes it to urllib.parse.urljoin, allowing the requested path to replace the configured target host and causing...

9.9CVSS0.00356EPSS
Exploits0References3
CVE
CVE
added 3 days ago27 views

CVE-2026-45568

CVE-2026-45568 affects zrok ProxyShare (Python SDK) where the Flask proxy route accepts an absolute URL in the path and passes it to urllib.parse.urljoin, allowing an attacker to replace the configured target host and cause requests to go to an attacker-chosen URL (SSRF). The issue is fixed in ve...

9.9CVSS6.1AI score0.00356EPSS
Exploits0References3
OSV
OSV
added 3 days ago4 views

CVE-2026-45568 zrok Python ProxyShare can be used as an SSRF proxy through absolute URL paths

zrok is software for sharing web services, files, and network resources. Prior to 2.0.3, zrok's Python SDK ProxyShare Flask proxy route accepts an absolute URL in the request path and passes it to urllib.parse.urljoin, allowing the requested path to replace the configured target host and causing...

9.9CVSS6.1AI score0.00356EPSS
Exploits0References5
OSV
OSV
added 2026/05/19 3:16 p.m.6 views

GHSA-JH67-HWQW-M5R7 rok Python ProxyShare can be used as an SSRF proxy through absolute URL paths

Summary Alice exposes a Python SDK ProxyShare with a fixed target URL. Bob sends a request to the share with an absolute URL in the path. The Flask handler passes that path to urllib.parse.urljoin, which replaces Alice's configured target host with Bob's host and returns the server-side response ...

9.9CVSS5.8AI score0.00356EPSS
Exploits0References2
Rows per page
Query Builder