PT-2017-10709 · Ruby · Private Address Check
Publicado
2017-11-16
·
Atualizado
2019-10-09
·
CVE-2017-0909
CVSS v3.1
9.8
Crítica
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
private address check ruby gem versions prior to 0.4.1
Description
The issue is related to an incomplete blacklist of common private/local network addresses, which can be used to prevent server-side request forgery. This incompleteness can lead to a bypass.
Recommendations
For versions prior to 0.4.1, update to version 0.4.1 or later to resolve the issue.
Correção
Incomplete List of Disallowed Inputs
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Private Address Check