CVE-2023-30019: imgproxy is vulnerable to Server-Side Request Forgery
(updated )
imgproxy <=3.14.0 is vulnerable to Server-Side Request Forgery (SSRF) due to a lack of sanitization of the imageURL parameter.
References
- breakandpray.com/cve-2023-30019-ssrf-in-imgproxy/
- github.com/advisories/GHSA-9x7h-ggc3-xg47
- github.com/imgproxy/imgproxy/blob/ee9e8f0cb101ec22318caffd552a23cc0548d5ce/imagedata/download.go
- github.com/imgproxy/imgproxy/commit/1a9768a2c682e88820064aa3d9a05ea234ff3cc4
- nvd.nist.gov/vuln/detail/CVE-2023-30019
Detect and mitigate CVE-2023-30019 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →