Vulnerabilities > CVE-2021-23664 - Server-Side Request Forgery (SSRF) vulnerability in Isomorphic-Git Cors-Proxy

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

isomorphic-git

CWE-918

NVD

Published: 2022-01-21

Updated: 2024-11-21

Summary

The package @isomorphic-git/cors-proxy before 2.7.1 are vulnerable to Server-side Request Forgery (SSRF) due to missing sanitization and validation of the redirection action in middleware.js.

Vulnerable Configurations

Part	Description	Count
Application	Isomorphic-Git Isomorphic GIT Cors Proxy *	1

Common Weakness Enumeration (CWE)

CWE-918 - Server-Side Request Forgery (SSRF)

References

https://github.com/isomorphic-git/cors-proxy/commit/1b1c91e71d946544d97ccc7cf0ac62b859e03311
https://github.com/isomorphic-git/cors-proxy/commit/1b1c91e71d946544d97ccc7cf0ac62b859e03311
https://snyk.io/vuln/SNYK-JS-ISOMORPHICGITCORSPROXY-1734788
https://snyk.io/vuln/SNYK-JS-ISOMORPHICGITCORSPROXY-1734788