CVE-2023-27163: request-baskets vulnerable to Server-Side Request Forgery

March 31, 2023

request-baskets up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/baskets/{name}. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request.

References

request-baskets.com/
gist.github.com/b33t1e/3079c10c88cad379fb166c389ce3b7b3
github.com/advisories/GHSA-58g2-vgpg-335q
github.com/darklynx/request-baskets
notes.sjtu.edu.cn/s/MUUhEymt7
nvd.nist.gov/vuln/detail/CVE-2023-27163

Detect and mitigate CVE-2023-27163 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →