CVE-2022-25876 - Server-Side Request Forgery (SSRF) vulnerability in Link-Preview-Js Project Link-Preview-Js
- Attack vector: LOCAL
- Attack complexity: LOW
- Privileges required: LOW
- Confidentiality impact: HIGH
- Integrity impact: NONE
- Availability impact: NONE
Summary
Versions of the package link-preview-js before 2.1.16 are vulnerable to Server-Side Request Forgery (SSRF), which allows attackers to send arbitrary requests to the local network and read the response. This is due to flawed DNS rebinding protection.
References
- https://github.com/ospfranco/link-preview-js/issues/115
- https://github.com/ospfranco/link-preview-js/pull/117
- https://snyk.io/vuln/SNYK-JS-LINKPREVIEWJS-2933520