33 matches found
EUVD-2022-5049
Malicious code in bioql PyPI...
CVE-2022-24825
Smokescreen is a simple HTTP proxy that fogs over naughty URLs. The primary use case for Smokescreen is to prevent server-side request forgery (SSRF) attacks in which external attackers leverage the behavior of applications to connect to or scan internal infrastructure. Smokescreen also offers an...
CVE-2022-29188
Smokescreen is an HTTP proxy. The primary use case for Smokescreen is to prevent server-side request forgery (SSRF) attacks in which external attackers leverage the behavior of applications to connect to or scan internal infrastructure. Smokescreen also offers an option to deny access to additional...
GO-2022-0459 Smokescreen SSRF via deny list bypass (square brackets) in github.com/stripe/smokescreen
Smokescreen SSRF via deny list bypass (square brackets) in github.com/stripe/smokescreen...
GO-2022-0429 Smokescreen SSRF via deny list bypass in github.com/stripe/smokescreen
Smokescreen SSRF via deny list bypass in github.com/stripe/smokescreen...
Malicious code in mrg-smokescreen (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 63bf9acde8135de4e52093eacf461b7577c36e88fcfaf86c83bb2258ff8e3219 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-4713 Malicious code in mrg-smokescreen (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 63bf9acde8135de4e52093eacf461b7577c36e88fcfaf86c83bb2258ff8e3219 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
GHSA-QWRF-GFPJ-QVJ6 Smokescreen SSRF via deny list bypass (square brackets)
Impact The primary use case for Smokescreen is to prevent server-side request forgery (SSRF) attacks in which external attackers leverage the behavior of applications to connect to or scan internal infrastructure. Smokescreen also offers an option to deny access to additional (e.g., external) URLs by...
Smokescreen SSRF via deny list bypass (square brackets)
Impact The primary use case for Smokescreen is to prevent server-side request forgery (SSRF) attacks in which external attackers leverage the behavior of applications to connect to or scan internal infrastructure. Smokescreen also offers an option to deny access to additional (e.g., external) URLs by...
Stripe: Bypassing domain deny_list rule in Smokescreen via double brackets [[]] which leads to SSRF
@sim4n6 discovered a bypass of the domain denylist rule in github.com/stripe/smokescreen using double brackets. This could have led to a server-side request forgery (SSRF) vulnerability for users of smokescreen. The vulnerability was caused by only stripping one set of brackets before processing a...
Server-Side Request Forgery (SSRF)
github.com/stripe/smokescreen is vulnerable to server-side request forgery. The vulnerability exists in BuildProxy and handleConnect functions in smokescreen.go due to the deny list option that smokescreen offers which allows an attacker to bypass the deny list feature...
CVE-2022-29188
Smokescreen is an HTTP proxy. The primary use case for Smokescreen is to prevent server-side request forgery (SSRF) attacks in which external attackers leverage the behavior of applications to connect to or scan internal infrastructure. Smokescreen also offers an option to deny access to additional...
Server side request forgery (ssrf)
Smokescreen is an HTTP proxy. The primary use case for Smokescreen is to prevent server-side request forgery (SSRF) attacks in which external attackers leverage the behavior of applications to connect to or scan internal infrastructure. Smokescreen also offers an option to deny access to additional...
Smokescreen code issue vulnerability
Smokescreen is an HTTP CONNECT proxy. A code issue vulnerability exists in Smokescreen. An attacker could use the vulnerability to bypass the denial list feature by enclosing the hostname in square brackets...
CVE-2022-29188 Smokescreen SSRF via deny list bypass (square brackets) in Smokescreen
Smokescreen is an HTTP proxy. The primary use case for Smokescreen is to prevent server-side request forgery (SSRF) attacks in which external attackers leverage the behavior of applications to connect to or scan internal infrastructure. Smokescreen also offers an option to deny access to additional...
CVE-2022-29188 Smokescreen SSRF via deny list bypass (square brackets) in Smokescreen
Smokescreen is an HTTP proxy. The primary use case for Smokescreen is to prevent server-side request forgery (SSRF) attacks in which external attackers leverage the behavior of applications to connect to or scan internal infrastructure. Smokescreen also offers an option to deny access to additional...
CVE-2022-29188
CVE-2022-29188 FFECT: Smokescreen’s HTTP proxy could bypass its deny-list when a hostname is wrapped in square brackets (e.g., [example.com]). The issue is limited to the HTTP proxy functionality; HTTPS traffic is unaffected. Concrete details across connected sources confirm the vulnerability exi...
CVE-2022-29188 Smokescreen SSRF via deny list bypass (square brackets) in Smokescreen
Smokescreen is an HTTP proxy. The primary use case for Smokescreen is to prevent server-side request forgery (SSRF) attacks in which external attackers leverage the behavior of applications to connect to or scan internal infrastructure. Smokescreen also offers an option to deny access to additional...
PT-2022-19440 · Unknown · Smokescreen
Name of the Vulnerable Software and Affected Versions: Smokescreen versions prior to 0.0.4 Description: Smokescreen is an HTTP proxy designed to prevent server-side request forgery (SSRF) attacks. It also offers a deny list feature to restrict access to external URLs. However, an issue allowed...
CVE-2022-24825
Smokescreen is a simple HTTP proxy that fogs over naughty URLs. The primary use case for Smokescreen is to prevent server-side request forgery (SSRF) attacks in which external attackers leverage the behavior of applications to connect to or scan internal infrastructure. Smokescreen also offers an...