Commit

Update advisories from GitHub Advisory Database
github-actions[bot] committed Feb 11, 2025
1 parent b78d179 commit 1c2cef4
Showing 1 changed file with 14 additions and 0 deletions.
14 changes: 14 additions & 0 deletions packages/hackney/GHSA-vq52-99r9-h5pw.yml
@@ -0,0 +1,14 @@
---
description: |-
Versions of the package hackney from 0.0.0 are vulnerable to Server-side Request Forgery (SSRF) due to improper parsing of URLs by URI built-in module and hackey. Given the URL http://127.0.0.1?@127.2.2.2/, the URI function will parse and see the host as 127.0.0.1 (which is correct), and hackney will refer the host as 127.2.2.2/.
This vulnerability can be exploited when users rely on the URL function for host checking.
disclosure_date: 2025-02-11
first_patched_versions:
-
id: GHSA-vq52-99r9-h5pw
link: https://github.com/advisories/GHSA-vq52-99r9-h5pw
package: hackney
severity: low
title: Server-side Request Forgery (SSRF) in hackney
vulnerable_version_ranges:
- <= 1.20.1
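
Review bot: `first_patched_versions` holds a bare `-`, which YAML reads as a one-element list containing null rather than an empty list. If no fixed release exists yet, `first_patched_versions: []` says so unambiguously and keeps consumers from handling a null version string. In the description, "hackey" should read "hackney", and the last sentence says "URL function" where the sentence before it says "URI function"; because the text is imported, both are best corrected upstream in the GitHub advisory. The description also says "from 0.0.0" with no upper bound while `vulnerable_version_ranges` stops at `<= 1.20.1`, so the range should be rechecked once a later release ships without a fix.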
