Vulnerabilities > CVE-2022-25850 - Server-Side Request Forgery (SSRF) vulnerability in Proxyscotch Project Proxyscotch
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
The package github.com/hoppscotch/proxyscotch before 1.0.0 are vulnerable to Server-side Request Forgery (SSRF) when interceptor mode is set to proxy. It occurs when an HTTP request is made by a backend server to an untrusted URL submitted by a user. It leads to a leakage of sensitive information from the server.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Common Weakness Enumeration (CWE)
References
- https://github.com/hoppscotch/proxyscotch/commit/de67380f62f907f201d75854b76024ba4885fab7
- https://github.com/hoppscotch/proxyscotch/commit/de67380f62f907f201d75854b76024ba4885fab7
- https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMHOPPSCOTCHPROXYSCOTCH-2435228
- https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMHOPPSCOTCHPROXYSCOTCH-2435228