Lucene search
SnykCVELIST:CVE-2021-23664HistoryJan 21, 2022 - 8:00 p.m.
CVE-2021-23664 Server-side Request Forgery (SSRF)
2022-01-2120:00:14
snyk
www.cve.org
3
cve-2021-23664
ssrf
server-side request forgery
middleware.js
redirection action
sanitization
validation
CVSS3
8.6
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:P
AI Score
8.8
Confidence
High
EPSS
0.002
Percentile
55.7%
The package @isomorphic-git/cors-proxy before 2.7.1 are vulnerable to Server-side Request Forgery (SSRF) due to missing sanitization and validation of the redirection action in middleware.js.
CNA Affected
[
{
"product": "@isomorphic-git/cors-proxy",
"vendor": "n/a",
"versions": [
{
"lessThan": "2.7.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]Related
osv
osv
CVE-2021-23664
2022-01-21 20:15:08
Server side request forgery in @isomorphic-git/cors-proxy
2022-01-26 22:13:05
veracode
veracode
Server-Side Request Forgery (SSRF)
2022-01-24 06:14:14
prion
prion
Server side request forgery (ssrf)
2022-01-21 20:15:00
github
github
Server side request forgery in @isomorphic-git/cors-proxy
2022-01-26 22:13:05
nvd
nvd
CVE-2021-23664
2022-01-21 20:15:08
cve
cve
CVE-2021-23664
2022-01-21 20:15:08
CVSS3
8.6
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:P
AI Score
8.8
Confidence
High
EPSS
0.002
Percentile
55.7%
Related for CVELIST:CVE-2021-23664