CVE-2023-24622: Server-Side Request Forgery (SSRF)

January 30, 2023 (updated February 7, 2023)

isInList in the safeurl-python package before 1.2 for Python has an insufficiently restrictive regular expression for external domains, leading to SSRF.

References

github.com/IncludeSecurity/safeurl-python/security/advisories/GHSA-jgh8-vchw-q3g7
nvd.nist.gov/vuln/detail/CVE-2023-24622

Detect and mitigate CVE-2023-24622 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →