Vulnerabilities > CVE-2021-23718 - Server-Side Request Forgery (SSRF) vulnerability in Ssrf-Agent Project Ssrf-Agent
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
The package ssrf-agent before 1.0.5 are vulnerable to Server-side Request Forgery (SSRF) via the defaultIpChecker function. It fails to properly validate if the IP requested is private.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 5 |
Common Weakness Enumeration (CWE)
References
- https://github.com/welefen/ssrf-agent/blob/cec2b85fe8886ad6926a247a3e059d8369ec022b/index.js%23L13
- https://github.com/welefen/ssrf-agent/blob/cec2b85fe8886ad6926a247a3e059d8369ec022b/index.js%23L13
- https://security.netapp.com/advisory/ntap-20211203-0005/
- https://security.netapp.com/advisory/ntap-20211203-0005/
- https://snyk.io/vuln/SNYK-JS-SSRFAGENT-1584362
- https://snyk.io/vuln/SNYK-JS-SSRFAGENT-1584362