Lucene search
Veracode Vulnerability DatabaseVERACODE:5427HistoryNov 14, 2017 - 8:11 a.m.
Server-Side Request Forgery (SSRF)
2017-11-1408:11:23
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
7
0.004 Low
EPSS
Percentile
72.8%
private_address_check is vulnerable to server-side request forgery (SSRF) attacks. A malicious user can bypass the SSRF filter by passing a valid IP address of a different format. This is related to the OS-dependent Resolv.getaddresses within Ruby itself.
| CPE | Name | Operator | Version |
|---|---|---|---|
| private_address_check | le | 0.3.0 |
Related
cve
cve
CVE-2017-0904
2017-11-13 17:29:00
hackerone
hackerone
prion
prion
Server side request forgery (ssrf)
2017-11-13 17:29:00
cvelist
cvelist
CVE-2017-0904
2017-11-05 00:00:00
nvd
nvd
CVE-2017-0904
2017-11-13 17:29:00
osv
osv
CVE-2017-0904
2017-11-13 17:29:00
private_address_check vulnerable to bypass of Resolv.getaddresses method
2017-11-29 23:21:05
github
github
private_address_check vulnerable to bypass of Resolv.getaddresses method
2017-11-29 23:21:05