Pricing
Contact
Login
Start Free Trial
Research Center
CVE-2022-25850 Research Center
A better way to manage your vulnerabilities Learn More

CVE-2022-25850

The package github.com/hoppscotch/proxyscotch before 1.0.0 are vulnerable to Server-side Request Forgery (SSRF) when interceptor mode is set to proxy. It occurs when an HTTP request is made by a backend server to an untrusted URL submitted by a user. It leads to a leakage of sensitive information from the server.

  • 7.5 high severity
  • CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

  • 01/05/2022

Products 1

Pr

Proxyscotch

by Proxyscotch Project

3 Versions

2 years ago

Vulnerability Categories 1

Server-Side Request Forgery (SSRF)

xTags 5

#exposed_to_RCE_attack
#easy_to_exploit
#known_vulnerability
#confidentiality_impact_if_exploited
#new_vulnerability_published

Patch Links 1

https://github.com/hoppscotch/proxyscotch/commit/de67380f62f907f201d75854b76024ba4885fab7
Patch Now

Advisory Links 2

https://github.com/hoppscotch/proxyscotch/commit/de67380f62f907f201d75854b76024ba4885fab7
https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMHOPPSCOTCHPROXYSCOTCH-2435228
http://www.vicarius.io is owned and operated by Vicarius Ltd. (the “Company”). All information contained on the Website is purely for informational, and educational purposes and should be independently verified and confirmed. Vicarius does not accept any liability for any loss or damage whatsoever caused in reliance upon such information or services. No statements or information presented in any form by Vicarius is intended as fact, and you agree that you will not consider the statements or information presented on the Website as fact or as a guarantee of performance.

Related CVEs

Security Research Topics

By Vicarius Cartoons
Apr 12, 2023

Vicarius Cartoons Presents: IT Passover

By David Parkinson Frost
Mar 27, 2023

Acropalypse wreaking havoc, zero-days in Samsung Exynos, Emotet returns (again)

By Vicarius Cartoons
Feb 14, 2023

Vicarius Cartoons Presents: Cupid's Exploit

By Paul Lighter
Jan 11, 2023

When the Target is Also the Threat

A software failure grounded thousands of flights today, raising a complicated question - how do you secure an unstable system? The answer has never been more urgent.
By Paul Lighter
Jan 06, 2023

The Uncomfortable Implications of the LastPass Attack

The recent attack on LastPass has people questioning if they can trust password managers. But there's a bigger issue lurking underneath - can you trust ANY security vendor?
last_chanse_02.png

Start Closing Security Gaps

  • Risk reduction from Day 1
  • Fast set-up and deployment
  • Unified platform
  • Full-featured 14-day trial
Start Free Trial!

Have questions?

By submitting this form, you agree to be contacted about vRx and other Vicarius products.

Vicarius develops an autonomous vulnerability remediation platform to help security teams protect their assets against software exploitation. Consolidating vulnerability assessment, prioritization, and remediation, Vicarius strengthens cyber hygiene and proactively reduces risk.
We're hiring!

Support

support@vicarius.io

Sales

sales@vicarius.io

Marketing

info@vicarius.io
Product
Product Overview
Vulnerability Management
Patch Management
Patchless Protection
Auto Actions
Reporting
Network Scanner
xTags
0-Day Detection
Solution
Solution Overview
Case Studies
Knowledge
Research Center
Apps & OS Patch Catalog
Videos
Articles
Docs
Company
About
Investors
vconnect
Trust
Careers
Pricing
Pricing
Compare
vRx vs. Automox
vRx vs. ManageEngine
vRx vs. Rapid7
vRx vs. Tenable
vRx vs. Tanium
vRx vs. RMMs
vRx vs. Vulcan
vRx vs. PDQ
vRx vs. Qualys
vRx vs. SentinelOne
vRx vs. BigFix

Copyright © Vicarius. All rights reserved 2022. Privacy Policy and Terms of Use