Vulnerabilities > CVE-2022-25876 - Server-Side Request Forgery (SSRF) vulnerability in Link-Preview-Js Project Link-Preview-Js
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
The package link-preview-js before 2.1.16 are vulnerable to Server-side Request Forgery (SSRF) which allows attackers to send arbitrary requests to the local network and read the response. This is due to flawed DNS rebinding protection.