data/reports/GO-2023-1526.yaml - vulndb - Git at Google

 id: GO-2023-1526
 modules:
     - module: github.com/hakobe/paranoidhttp
       versions:
         - fixed: 0.3.0
       vulnerable_at: 0.2.0
       packages:
         - package: github.com/hakobe/paranoidhttp
           symbols:
             - safeAddr
 summary: Server-side request forgery in github.com/hakobe/paranoidhttp
 description: |-
     Paranoidhttp before is vulnerable to SSRF because [::] is equivalent to the
     127.0.0.1 address, but does not match the filter for private addresses.
 cves:
     - CVE-2023-24623
 ghsas:
     - GHSA-v9mp-j8g7-2q6m
 references:
     - web: https://github.com/hakobe/paranoidhttp/blob/master/CHANGELOG.md#v030-2023-01-19
     - fix: https://github.com/hakobe/paranoidhttp/commit/07f671da14ce63a80f4e52432b32e8d178d75fd3
     - web: https://github.com/hakobe/paranoidhttp/compare/v0.2.0...v0.3.0
	id: GO-2023-1526
	modules:
	- module: github.com/hakobe/paranoidhttp
	versions:
	- fixed: 0.3.0
	vulnerable_at: 0.2.0
	packages:
	- package: github.com/hakobe/paranoidhttp
	symbols:
	- safeAddr
	summary: Server-side request forgery in github.com/hakobe/paranoidhttp
	description: \|-
	Paranoidhttp before is vulnerable to SSRF because [::] is equivalent to the
	127.0.0.1 address, but does not match the filter for private addresses.
	cves:
	- CVE-2023-24623
	ghsas:
	- GHSA-v9mp-j8g7-2q6m
	references:
	- web: https://github.com/hakobe/paranoidhttp/blob/master/CHANGELOG.md#v030-2023-01-19
	- fix: https://github.com/hakobe/paranoidhttp/commit/07f671da14ce63a80f4e52432b32e8d178d75fd3
	- web: https://github.com/hakobe/paranoidhttp/compare/v0.2.0...v0.3.0