CVE-2021-23718

Server-Side Request Forgery (SSRF) in npm/ssrf-agent

Identifiers

CVE-2021-23718

Package Slug

npm/ssrf-agent

Vulnerability

Server-Side Request Forgery (SSRF)

Description

The package ssrf-agent is vulnerable to Server-side Request Forgery (SSRF) via the defaultIpChecker function. It fails to properly validate if the IP requested is private.

Affected Versions

All versions before 1.0.5

Solution

Upgrade to version 1.0.5 or above.

Last Modified

2021-11-30

source