github.com/zalando/skipper is vulnerable to server-side request forgery (SSRF). The vulnerability exists because proxy.go
does not properly pass URLs via the request context, allowing an attacker to redirect to malicious URLs through the
X-Skipper-Proxy header.
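The sketch below is an added illustration of the pattern described above, not code from Skipper's proxy.go. It contrasts a proxy selector that reads the outbound proxy URL from a request header with one that reads it from the request context, which only server-side code can populate. All function names, the context key type and the example hosts are assumptions.

```go
package main

import (
	"context"
	"fmt"
	"net/http"
	"net/url"
)

const proxyHeader = "X-Skipper-Proxy" // header named in the advisory

// proxyKey is an unexported context key (hypothetical); clients cannot set it.
type proxyKey struct{}

// proxyFromHeader models the weak pattern: the proxy URL travels in a header,
// so a value sent by the client is indistinguishable from one set internally.
// Signature matches http.Transport.Proxy.
func proxyFromHeader(r *http.Request) (*url.URL, error) {
	if v := r.Header.Get(proxyHeader); v != "" {
		return url.Parse(v)
	}
	return nil, nil
}

// proxyFromContext models the hardened pattern: the proxy URL is read only
// from the request context, which is never derived from client input.
func proxyFromContext(r *http.Request) (*url.URL, error) {
	u, _ := r.Context().Value(proxyKey{}).(*url.URL)
	return u, nil
}

// withProxy is what trusted routing code calls to choose a proxy. It also
// drops any inbound copy of the header so it is neither honoured nor forwarded.
func withProxy(r *http.Request, u *url.URL) *http.Request {
	r.Header.Del(proxyHeader)
	return r.WithContext(context.WithValue(r.Context(), proxyKey{}, u))
}

// clientRequest builds a constructed inbound request carrying the header.
func clientRequest(headerValue string) *http.Request {
	r, _ := http.NewRequest("GET", "http://service.example/", nil)
	r.Header.Set(proxyHeader, headerValue)
	return r
}

func main() {
	r := clientRequest("http://untrusted.example:8080") // constructed sample value
	a, _ := proxyFromHeader(r)
	b, _ := proxyFromContext(r)
	fmt.Println("header-based selects:", a, "| context-based selects nothing:", b == nil)
}
```

Either selector can be assigned to the Proxy field of an http.Transport, which makes the difference in trust boundary easy to test in isolation.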
packetstormsecurity.com/files/171546/X-Skipper-Proxy-0.13.237-Server-Side-Request-Forgery.html
skipper.com
zalando.com
gist.github.com/Fadavvi/9fffcfa4aaa9e25b77cfe7b3044b2857#file-cve-2022-38580
github.com/zalando/skipper/commit/842634347da8fe77e396f66edea79d329fd72130
github.com/zalando/skipper/pull/2058
pastebin.com/dXxpgPAK