Description
request-baskets up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/baskets/{name}. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request.
References
Broken Link, Product
https://gist.github.com/b33t1e/3079c10c88cad379fb166c389ce3b7b3
Exploit, Third Party Advisory
https://notes.sjtu.edu.cn/s/MUUhEymt7
Exploit, Third Party Advisory
CVSS impact metrics
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
6.5 · Medium
CVSS V3.1
Information
Source identifier
Vulnerability status
Modified
Published
2023-03-31T20:15:07.477
1 year ago
Last modified
2023-08-11T15:15:10.570
11 months ago