18 matches found
CVE-2026-43929
ssrfcheck is a library that checks if a string contains a potential SSRF attack. In 1.3.0 and earlier, ssrfcheck fails to block Server-Side Request Forgery attacks when the target private IP address is encoded as an IPv4-mapped IPv6 address e.g. http://::ffff:127.0.0.1/. The WHATWG URL parser bui...
CVE-2026-43929 ssrfcheck: Server-Side Request Forgery (SSRF) and Incomplete List of Disallowed Inputs
ssrfcheck is a library that checks if a string contains a potential SSRF attack. In 1.3.0 and earlier, ssrfcheck fails to block Server-Side Request Forgery attacks when the target private IP address is encoded as an IPv4-mapped IPv6 address e.g. http://::ffff:127.0.0.1/. The WHATWG URL parser bui...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the isSSRFSafeURL function. An attacker can access internal network resources and sensitive cloud metadata by submitting specially crafted URLs that use IPv4-mapped IPv6 notation, which bypasses the...
EUVD-2025-22851
ssrfcheck: SSRF Bypass Caused by Failure to Classify Reserved IP Address Space as Invalid...
NPM: ssrfcheck: SSRF Bypass Caused by Failure to Classify Reserved IP Address Space as Invalid
NPM: ssrfcheck: SSRF Bypass Caused by Failure to Classify Reserved IP Address Space as Invalid vulnerability discovered by ? in WordPress Npm ssrfcheck versions 1.2.0...
GHSA-P4HC-9PJH-55C8 ssrfcheck: SSRF Bypass Caused by Failure to Classify Reserved IP Address Space as Invalid
SSRF Bypass in ssrfcheck - fails to classify reserved IP address space as invalid ssrfcheck is an npm package that serves to provide protection from SSRF by validating URLs or hostname inputs. Resources: Project's GitHub code repository: https://github.com/felippe-regazio/ssrfcheck Project's npm...
ssrfcheck: SSRF Bypass Caused by Failure to Classify Reserved IP Address Space as Invalid
SSRF Bypass in ssrfcheck - fails to classify reserved IP address space as invalid ssrfcheck is an npm package that serves to provide protection from SSRF by validating URLs or hostname inputs. Resources: Project's GitHub code repository: https://github.com/felippe-regazio/ssrfcheck Project's npm...
CVE-2026-43929
creationtimestamp| type| source ---|---|--- 2026-04-26 01:30:34+00:00| published-proof-of-concept| https://github.com/felippe-regazio/ssrfcheck/security/advisories/GHSA-j4rj-2jr5-m439...
CVE-2025-8267
Versions of the package ssrfcheck before 1.2.0 are vulnerable to Server-Side Request Forgery SSRF due to an incomplete denylist of IP address ranges. Specifically, the package fails to classify the reserved IP address space 224.0.0.0/4 Multicast as invalid. This oversight allows attackers to craf...
GHSA-C2FV-2FMJ-9XRX Duplicate Advisory: ssrfcheck has Incomplete IP Address Deny List that leads to Server-Side Request Forgery Vulnerability
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-p4hc-9pjh-55c8. This link is maintained to preserve external references. Original Description Versions of the package ssrfcheck below 1.2.0 are vulnerable to Server-Side Request Forgery SSRF due to an incomplete...
Duplicate Advisory: ssrfcheck has Incomplete IP Address Deny List that leads to Server-Side Request Forgery Vulnerability
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-p4hc-9pjh-55c8. This link is maintained to preserve external references. Original Description Versions of the package ssrfcheck below 1.2.0 are vulnerable to Server-Side Request Forgery SSRF due to an incomplete...
CVE-2025-8267
Versions of the package ssrfcheck before 1.2.0 are vulnerable to Server-Side Request Forgery SSRF due to an incomplete denylist of IP address ranges. Specifically, the package fails to classify the reserved IP address space 224.0.0.0/4 Multicast as invalid. This oversight allows attackers to craf...
CVE-2025-8267
Versions of the package ssrfcheck before 1.2.0 are vulnerable to Server-Side Request Forgery SSRF due to an incomplete denylist of IP address ranges. Specifically, the package fails to classify the reserved IP address space 224.0.0.0/4 Multicast as invalid. This oversight allows attackers to craf...
CVE-2025-8267
Versions of the package ssrfcheck before 1.2.0 are vulnerable to Server-Side Request Forgery SSRF due to an incomplete denylist of IP address ranges. Specifically, the package fails to classify the reserved IP address space 224.0.0.0/4 Multicast as invalid. This oversight allows attackers to craf...
CVE-2025-8267
CVE-2025-8267 affects the Python/JS package ssrfcheck prior to 1.2.0, with an incomplete IP denylist failing to classify 224.0.0.0/4 (Multicast) as invalid. This enables SSRF against multicast addresses via crafted requests. Public references from Red Hat, HTC OSV, GHSA, NVD, and PT-2025-31048 co...
CVE-2025-8267
Versions of the package ssrfcheck before 1.2.0 are vulnerable to Server-Side Request Forgery SSRF due to an incomplete denylist of IP address ranges. Specifically, the package fails to classify the reserved IP address space 224.0.0.0/4 Multicast as invalid. This oversight allows attackers to craf...
PT-2025-31048
Name of the Vulnerable Software and Affected Versions ssrfcheck versions prior to 1.2.0 Description The package is vulnerable to Server-Side Request Forgery SSRF due to an incomplete denylist of IP address ranges. The package fails to classify the reserved IP address space 224.0.0.0/4 Multicast a...
Server-Side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-Side Request Forgery SSRF due to an incomplete denylist of IP address ranges. Specifically, the package fails to classify the reserved IP address space 224.0.0.0/4 Multicast as invalid. This oversight allows attackers to craft...