Lucene search
Veracode Vulnerability DatabaseVERACODE:34484HistoryMar 02, 2022 - 9:51 a.m.
Sever-side Request Forgery (SSRF)
2022-03-0209:51:42
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6
0.002 Low
EPSS
Percentile
51.4%
rudloff/alltube is vulnerable to server-side request forgery. An attacker is able to pass malicious parameters which are directly fed into the youtube-dl command, allowing the attacker to perform malicious redirect, internal port scanning and obtaining sensitive information about services on localhost and sending requests to them.
| CPE | Name | Operator | Version |
|---|---|---|---|
| rudloff/alltube | le | 3.0.1 | |
| rudloff/alltube | le | 3.0.1 |
Related
friendsofphp
friendsofphp
Server-Side Request Forgery (SSRF)
2022-02-27 12:30:15
osv
osv
CVE-2022-0768
2022-02-28 10:15:08
Server-Side Request Forgery (SSRF) in rudloff/alltube
2022-03-01 22:01:30
nvd
nvd
CVE-2022-0768
2022-02-28 10:15:08
cve
cve
CVE-2022-0768
2022-02-28 10:15:08
github
github
Server-Side Request Forgery (SSRF) in rudloff/alltube
2022-03-01 22:01:30
prion
prion
Server side request forgery (ssrf)
2022-02-28 10:15:00
huntr
huntr
Server-Side Request Forgery (SSRF)
2022-02-26 05:57:17
veracode
veracode
Server-Side Request Forgery (SSRF)
2022-03-01 14:33:02
cvelist
cvelist
CVE-2022-0768 Server-Side Request Forgery (SSRF) in rudloff/alltube
2022-02-28 09:20:09