Server-Side Request Forgery (SSRF)

2024-03-1108:08:01

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

server-side request forgery

rsshub

vulnerability

remote attackers

http get requests

denial-of-service

dos attacks

internal network

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

7.3 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

25.8%

JSON

RSSHub is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to SSRF vulnerabilities in RSSHub, enabling remote attackers to utilize the server as a proxy for sending HTTP GET requests to arbitrary targets. This could result in retrieving information from the internal network or conducting Denial-of-Service (DoS) attacks.