CVE-2021-23718

Published: Nov 22, 2021Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

The package ssrf-agent before 1.0.5 are vulnerable to Server-side Request Forgery (SSRF) via the defaultIpChecker function. It fails to properly validate if the IP requested is private.

Affected (1)

Products: Ssrf Agent Project: Ssrf Agent

Ssrf Agent Project

1 product

Ssrf Agent

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ssrf Agent Project Ssrf Agent	Before 1.0.5

Related CWEs

CWE-918

Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

References (6)

https://github.com/welefen/ssrf-agent/blob/cec2b85fe8886ad6926a247a3e059d8369ec022b/index.js%23L13

Source: report@snyk.io

Broken LinkThird Party Advisory

https://security.netapp.com/advisory/ntap-20211203-0005/

Source: report@snyk.io

Third Party Advisory

https://snyk.io/vuln/SNYK-JS-SSRFAGENT-1584362

Source: report@snyk.io

ExploitThird Party Advisory

https://github.com/welefen/ssrf-agent/blob/cec2b85fe8886ad6926a247a3e059d8369ec022b/index.js%23L13

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkThird Party Advisory

https://security.netapp.com/advisory/ntap-20211203-0005/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://snyk.io/vuln/SNYK-JS-SSRFAGENT-1584362

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.