The package ssrf-agent before 1.0.5 are vulnerable to Server-side Request Forgery (SSRF) via the defaultIpChecker function. It fails to properly validate if the IP requested is private.
References
Link | Resource |
---|---|
https://snyk.io/vuln/SNYK-JS-SSRFAGENT-1584362 | Exploit Third Party Advisory |
https://github.com/welefen/ssrf-agent/blob/cec2b85fe8886ad6926a247a3e059d8369ec022b/index.js%23L13 | Broken Link Third Party Advisory |
https://security.netapp.com/advisory/ntap-20211203-0005/ | Third Party Advisory |
Configurations
Information
Published : 2021-11-22 09:15
Updated : 2021-12-15 10:16
NVD link : CVE-2021-23718
Mitre link : CVE-2021-23718
JSON object : View
CWE
CWE-918
Server-Side Request Forgery (SSRF)
Products Affected
ssrf-agent_project
- ssrf-agent