Veracode Vulnerability Database: VERACODE:47452
History: Jun 10, 2024 - 3:06 p.m.

Server-Side Request Forgery (SSRF)

2024-06-10 15:06:29
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
vulnerability
ssrf
improper restriction
local access
port scans
cloud environments
software

CVSS3: 4.8

Attack Vector: PHYSICAL
Attack Complexity: HIGH
Privileges Required: LOW
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

AI Score: 6.9
Confidence: High

EPSS: 0
Percentile: 9.0%

langchain is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to improper restriction of requests in the Web Research Retriever component, allowing it to reach local addresses and enabling attackers to execute port scans, access local services, and potentially read instance metadata from cloud environments.
