private_address_check is vulnerable to server-side request forgery (SSRF) attacks. A malicious user can bypass the SSRF filter by passing a valid IP address in a different format. This is related to the OS-dependent behaviour of Resolv.getaddresses within Ruby itself.
CPE

Name | Operator | Version |
---|---|---|
private_address_check | le | 0.3.0 |
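
A fail-closed destination check that does not depend on how the platform resolver treats non-canonical IP literals, given here as an added example and not code from the private_address_check gem. The names `safe_destination?`, `allowed_address?`, `blocked_ip?` and the `BLOCKED_NETS` list are assumptions made for illustration, as is treating an empty resolver result as a case to guard against.

```ruby
require "ipaddr"
require "resolv"

# Ranges a server-side fetch must not reach (illustrative, not exhaustive).
BLOCKED_NETS = %w[
  0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 169.254.0.0/16 172.16.0.0/12
  192.168.0.0/16 ::/128 ::1/128 fc00::/7 fe80::/10
].map { |cidr| IPAddr.new(cidr) }.freeze

OCTET = /(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)/
# Canonical dotted quad only: four decimal octets, no leading zeros, no hex.
CANONICAL_V4 = /\A#{OCTET}(?:\.#{OCTET}){3}\z/
# A final label that is all digits or 0x-hex marks the host as an IP literal.
NUMERIC_LABEL = /\A(?:0x[0-9a-f]*|\d+)\z/

def blocked_ip?(ip)
  ip = ip.native if ip.ipv4_mapped? # check ::ffff:a.b.c.d as IPv4
  BLOCKED_NETS.any? { |net| net.include?(ip) }
end

# An address string is acceptable only if it parses and is not blocked.
def allowed_address?(text)
  !blocked_ip?(IPAddr.new(text))
rescue IPAddr::Error
  false
end

# resolver: any callable returning address strings (Resolv by default).
def safe_destination?(host, resolver: Resolv.method(:getaddresses))
  host = host.to_s.strip.downcase.chomp(".")
  return false if host.empty?

  if host.split(".").last.to_s.match?(NUMERIC_LABEL)
    # Numeric host: never hand it to the resolver; require canonical form.
    return host.match?(CANONICAL_V4) && allowed_address?(host)
  end

  addrs = resolver.call(host)
  # Fail closed: "no addresses" must not be read as "no private addresses".
  return false if addrs.empty?

  addrs.all? { |a| allowed_address?(a) }
end
```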