Login
Start Free Trial
Research Center
CVE-2022-25850 Research Center

CVE-2022-25850

The package github.com/hoppscotch/proxyscotch before 1.0.0 are vulnerable to Server-side Request Forgery (SSRF) when interceptor mode is set to proxy. It occurs when an HTTP request is made by a backend server to an untrusted URL submitted by a user. It leads to a leakage of sensitive information from the server.

  • 7.5 high severity

  • CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

  • 01/05/2022

Products 1

Pr

Proxyscotch

by Proxyscotch Project

3 Versions

7 months ago

Vulnerability Categories 1

Server-Side Request Forgery (SSRF)

xTags 5

#exposed_to_RCE_attack
#easy_to_exploit
#known_vulnerability
#confidentiality_impact_if_exploited
#new_vulnerability_published

Patch Links 1

https://github.com/hoppscotch/proxyscotch/commit/de67380f62f907f201d75854b76024ba4885fab7
Patch Now

Advisory Links 2

https://github.com/hoppscotch/proxyscotch/commit/de67380f62f907f201d75854b76024ba4885fab7
https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMHOPPSCOTCHPROXYSCOTCH-2435228
http://www.vicarius.io is owned and operated by Vicarius Ltd. (the “Company”). All information contained on the Website is purely for informational, and educational purposes and should be independently verified and confirmed. Vicarius does not accept any liability for any loss or damage whatsoever caused in reliance upon such information or services. No statements or information presented in any form by Vicarius is intended as fact, and you agree that you will not consider the statements or information presented on the Website as fact or as a guarantee of performance.

Related CVEs

Security Research Topics

By Paul Lighter
Nov 30, 2022

Online Casino Heist Shreds Confidence in Cybersecurity

Hackers recently swiped $300,000 from DraftKings accounts - and it was almost effortless. This attack will likely be forgotten by history. But it should be a wake-up call instead.
By Shahar Reichman
Nov 30, 2022

New Subscription Tab

View & Download your license file from Topia dashboard
By acephale 4w
Nov 29, 2022

The Dark Stuff - Tor - Continued

Another bi-weekly/monthly talk on Tor.
By Jenny R
Nov 25, 2022

Choosing the Right Access Control Model

Choosing the right access control model for your project/organization is of great importance from a security point of view. There are more access control models, and I will try to show you their differences in this article.
By Khurram Arif
Nov 25, 2022

Fortinet Authentication Bypass Vulnerability - CVE-2022-40684

Vulnerability allows adversaries to bypass authentication and login into the vulnerable systems as an administrator.
last_chanse_04.png

Start Closing Security Gaps

  • Risk reduction from Day 1
  • Fast set-up and deployment
  • Unified platform
  • Full-featured 30-day trial
Get a Demo
Start Free Trial!