link-preview-js is vulnerable to server-side request forgery (SSRF). The vulnerability exists because the getLinkPreview function in index.ts does not properly validate local IP addresses before following a redirect, allowing an attacker to read response data by causing an HTTP request to be made to untrusted URLs.
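One way to apply the missing check to every redirect hop, as an added example (not code from link-preview-js or from this advisory). The function names, the sample hosts and the injected `resolve`/`nextHop` callbacks are assumptions made for illustration.

```javascript
// Added example; every name here is hypothetical, not link-preview-js code.
function parseIPv4(s) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(s);
  const o = m ? m.slice(1).map(Number) : [];
  return o.length === 4 && o.every((n) => n <= 255) ? o : null;
}

// True for loopback, private, link-local and reserved addresses; fails closed.
function isInternalAddress(ip) {
  const a = String(ip).toLowerCase().replace(/^\[|\]$/g, "");
  const mapped = a.startsWith("::ffff:") ? a.slice(7) : null; // IPv4-mapped IPv6
  if (mapped !== null && !parseIPv4(mapped)) return true;     // hex form: reject
  const v4 = parseIPv4(mapped !== null ? mapped : a);
  if (v4) {
    const [x, y] = v4;
    return x === 0 || x === 10 || x === 127 || x >= 224 ||
      (x === 100 && y >= 64 && y <= 127) || // 100.64.0.0/10
      (x === 169 && y === 254) ||           // 169.254.0.0/16
      (x === 172 && y >= 16 && y <= 31) ||  // 172.16.0.0/12
      (x === 192 && y === 168);             // 192.168.0.0/16
  }
  if (!a.includes(":")) return true; // neither an IPv4 nor an IPv6 literal
  // ::1, ::, unique local fc00::/7, link-local fe80::/10
  return a === "::1" || a === "::" || /^f[cd]/.test(a) || /^fe[89ab]/.test(a);
}

// Walk a redirect chain hop by hop, checking each hop's resolved addresses
// before it is requested. resolve(host) and nextHop(url) are injected so this
// runs offline; in production: a DNS lookup and a request with redirects off.
function checkRedirectChain(startUrl, resolve, nextHop, maxHops = 5) {
  let url = startUrl;
  for (let hop = 0; hop <= maxHops; hop++) {
    const { protocol, hostname } = new URL(url);
    if (protocol !== "http:" && protocol !== "https:") return { ok: false, url, reason: "scheme" };
    const ips = resolve(hostname);
    if (ips.length === 0 || ips.some(isInternalAddress))
      return { ok: false, url, reason: "internal address" };
    const location = nextHop(url);
    if (!location) return { ok: true, url };
    url = new URL(location, url).href; // resolves relative Location values
  }
  return { ok: false, url, reason: "too many redirects" };
}

// Constructed sample data: a public-looking host that redirects to loopback.
const SAMPLE_DNS = { "preview.example": ["203.0.113.10"] };
const SAMPLE_REDIRECTS = { "http://preview.example/a": "http://127.0.0.1/status" };
const sampleResolve = (h) => (parseIPv4(h) || h.includes(":") ? [h] : SAMPLE_DNS[h] || []);
const sampleNextHop = (u) => SAMPLE_REDIRECTS[u] || null;
```

A check like this only holds if the request then connects to the address that was validated; resolving the name a second time at fetch time reopens the gap.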
CPE

Name | Operator | Version |
---|---|---|
link-preview-js | le | 2.1.15 |