Ouuan

Name of the Vulnerable Software and Affected Versions: WebFeed versions prior to 0.9.2 Description: The issue concerns multiple HTML injection vulnerabilities that can lead to CSRF and UI spoofing attacks. A remote attacker can provide malicious RSS feeds, attracting the victim user to visit them using WebFeed. The attacker can then inject malicious HTML into the extension page, fooling the victim into sending out HTTP requests to arbitrary sites with the victim's credentials. Users are vulnerable to CSRF attacks when visiting malicious RSS feeds via WebFeed, potentially executing unwanted actions on the user's behalf on arbitrary websites. Recommendations: For versions prior to 0.9.2, upgrade to release version 0.9.2 to address the issue. As a temporary workaround, consider avoiding the use of WebFeed to access potentially malicious RSS feeds until the upgrade is applied. Restrict access to WebFeed's functionality to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** txtdot versions 1.4.0 through 1.6.0 **Description** A Server-Side Request Forgery (SSRF) issue exists in the `/proxy` route, allowing remote attackers to send HTTP GET requests to arbitrary targets and retrieve internal network information. **Recommendations** For txtdot versions 1.4.0 through 1.6.0, update to version 1.6.1 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** txtdot versions prior to 1.7.0 txtdot version 1.7.0 **Description** The issue concerns a Server-Side Request Forgery (SSRF) vulnerability in the `/get` route, allowing remote attackers to use the server as a proxy to send HTTP GET requests to arbitrary targets and retrieve information in the internal network. **Recommendations** For versions prior to 1.7.0, update to version 1.7.0 or later. For version 1.7.0, set a firewall between txtdot and other internal network resources to prevent exploitation.

**Name of the Vulnerable Software and Affected Versions** archive/zip package (affected versions not specified) **Description** The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create a zip file with contents that vary depending on the implementation reading the file. The issue is related to the incorrect handling of zip files, which could allow an attacker to create an arbitrary zip file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: ip package versions through 2.0.1 for Node.js Description: The issue is related to the improper categorization of certain IP addresses as globally routable via the `isPublic()` function, which might allow Server-Side Request Forgery (SSRF) attacks. This is due to an incomplete fix for a previous issue. The vulnerability can be exploited by a remote attacker to perform SSRF attacks. It is estimated that millions of devices are potentially affected. Recommendations: For ip package versions through 2.0.1, consider disabling the `isPublic()` function until a patch is available to prevent potential SSRF attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** RSSHub versions prior to 1.0.0-master.a429472 **Description** The issue allows remote attackers to use the server as a proxy to send HTTP GET requests to arbitrary targets and retrieve information in the internal network or conduct Denial-of-Service (DoS) attacks. This may lead to leaking the server IP address, retrieving information in the internal network, such as accessible addresses and ports, and titles and meta descriptions of HTML pages, and denial of service amplification. The attacker can send malicious requests to a RSSHub server to make the server send HTTP GET requests to arbitrary destinations and see partial responses. **Recommendations** For RSSHub versions prior to 1.0.0-master.a429472, update to version 1.0.0-master.a429472 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable API endpoints, such as `/mastodon/acct/:acct/statuses/:only media?`, `/zjol/paper/:id?`, and `/m4/:id?/:category*`, to minimize the risk of exploitation. Avoid using these endpoints until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** LibreY versions prior to commit be59098abd119cda70b15bf3faac596dfd39a744 **Description** The issue is related to a Server-Side Request Forgery (SSRF) vulnerability in the `engines/google/text.php` and `engines/duckduckgo/text.php` files. This vulnerability allows remote attackers to request the server to send HTTP GET requests to arbitrary targets and conduct Denial-of-Service (DoS) attacks via the `wikipedia language` cookie. Remote attackers can request the server to download large files to reduce the performance of the server or even deny access from legitimate users. **Recommendations** For versions prior to commit be59098abd119cda70b15bf3faac596dfd39a744, update to the latest commit to resolve the issue. As a temporary workaround, consider restricting access to the `engines/google/text.php` and `engines/duckduckgo/text.php` files to minimize the risk of exploitation. Avoid using the `wikipedia language` cookie in the affected API endpoints until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** LibreY versions prior to commit 8f9b9803f231e2954e5b49987a532d28fe50a627 **Description** The issue is related to a Server-Side Request Forgery (SSRF) vulnerability in the `image proxy.php` file. This vulnerability allows remote attackers to use the server as a proxy to send HTTP GET requests to arbitrary targets and retrieve information in the internal network or conduct Denial-of-Service (DoS) attacks via the `url` parameter. Attackers can also request the server to download large files or chain requests among multiple instances to reduce the performance of the server or even deny access from legitimate users. **Recommendations** To resolve the issue, LibreY hosters are advised to use the latest commit. As a temporary workaround, consider restricting access to the `image proxy.php` file until the issue is resolved. Avoid using the `url` parameter in the affected API endpoint until the issue is resolved. At the moment, there are no known workarounds for this vulnerability, and the best course of action is to update to the latest version.