Veracode Vulnerability Database, VERACODE:39069
History: Feb 01, 2023 - 5:10 a.m.

Server-Side Request Forgery (SSRF)

2023-02-01 05:10:23
sca.analysiscenter.veracode.com
server-side request forgery
ssrf
github.com/hakobe/paranoidhttp
unfiltered private ip addresses
safeaddr function
client.go
remote attacker
server resources.

EPSS: 0.001
Percentile: 31.9%

github.com/hakobe/paranoidhttp is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability exists due to the ip.To4 parameter in the safeAddr function of client.go: the library matches [::] to the 127.0.0.1 address but lacks filtering of private addresses, which allows a remote attacker to abuse server functionality and access or modify server resources.
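
The failure pattern described above, as an added Go example that is not paranoidhttp's own code: weakSafeAddr is a simplified model (an assumption about the shape of the check) that filters only when To4() returns an IPv4 form, and strictSafeAddr normalises the address before checking both address families. The function names, the denied helper and its range list are hypothetical.

```go
package main

import (
	"fmt"
	"net"
	"net/netip"
)

// denied reports whether a falls in a special-purpose range. The set of
// ranges is an illustrative assumption, not the library's own list.
func denied(a netip.Addr) bool {
	return a.IsUnspecified() || a.IsLoopback() || a.IsPrivate() ||
		a.IsLinkLocalUnicast() || a.IsMulticast() ||
		netip.MustParsePrefix("0.0.0.0/8").Contains(a)
}

// weakSafeAddr models the flawed pattern: the deny check runs only when
// To4() yields an IPv4 form. To4() returns nil for "::", so it is accepted.
func weakSafeAddr(s string) bool {
	ip := net.ParseIP(s)
	if ip == nil {
		return false
	}
	if ip4 := ip.To4(); ip4 != nil {
		a, _ := netip.AddrFromSlice(ip4)
		return !denied(a)
	}
	return true // non-IPv4 input is never checked
}

// strictSafeAddr unmaps IPv4-mapped input, then checks both families.
func strictSafeAddr(s string) bool {
	a, err := netip.ParseAddr(s)
	if err != nil {
		return false
	}
	return !denied(a.Unmap())
}

func main() {
	// Constructed sample inputs.
	for _, s := range []string{"::", "::ffff:127.0.0.1", "10.1.2.3", "93.184.216.34"} {
		fmt.Printf("%-17s weak=%-5v strict=%v\n", s, weakSafeAddr(s), strictSafeAddr(s))
	}
}
```

A check like this belongs at connection time, on the address actually being dialled, so that a hostname resolving to a denied address is rejected as well.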
