PT-2022-16904 · Unknown · Smokescreen

Grzegorz Niedziela · Published 2022-04-07 · Updated 2024-08-21 · CVE-2022-24825

CVSS v3.1: 5.8 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Smokescreen versions prior to 0.0.3

Description: Smokescreen is a simple HTTP proxy whose primary purpose is to prevent server-side request forgery (SSRF), in which external attackers leverage the behaviour of an application to connect to or scan internal infrastructure. Smokescreen additionally offers a deny list for blocking access to further (for example, external) URLs. In versions prior to 0.0.3 the deny list compared the hostname exactly as supplied, so an attacker who controls the URL an application hands to the proxy could bypass a deny-list entry by appending a dot to the end of the hostname (the absolute DNS form, which names the same host) or by changing its letter case (DNS names are case-insensitive). A request that the operator had explicitly denied was therefore proxied to its destination.

Recommendations: Upgrade Smokescreen to version 0.0.3 or later. If an upgrade is not immediately possible, do not rely on the deny list as the only control for user-supplied destinations: normalise hostnames in the application (lower-case them and strip a trailing dot) before the URL is passed to the proxy, and prefer an allow list of expected destinations where the legitimate set is known.
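The following Go program is an added illustration of the deny-list bypass described above and of the normalisation that closes it; it is not Smokescreen's own code, and the deny list, hostnames and function names (`naiveDenied`, `hardenedDenied`, `normalizeHost`) are constructed for this example. `naiveDenied` looks the hostname up exactly as written, which is the behaviour the advisory attributes to versions prior to 0.0.3; `hardenedDenied` canonicalises the hostname first.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// denyList is a constructed sample deny list keyed by hostname. It stands in
// for an operator's configured entries; it is not Smokescreen's config format.
// Keys must be stored in canonical (lower-case, no trailing dot) form.
var denyList = map[string]bool{
	"blocked.example.com": true,
}

// hostOf extracts the hostname from a user-supplied URL. url.Parse keeps the
// host exactly as written: it neither lower-cases it nor strips a trailing dot.
func hostOf(rawURL string) (string, error) {
	u, err := url.Parse(rawURL)
	if err != nil {
		return "", err
	}
	if u.Hostname() == "" {
		return "", fmt.Errorf("no host in %q", rawURL)
	}
	return u.Hostname(), nil
}

// naiveDenied models the pre-0.0.3 behaviour the advisory describes: the
// hostname is looked up exactly as supplied. "blocked.example.com." and
// "BLOCKED.example.com" miss the entry even though both reach the same host.
func naiveDenied(rawURL string) (bool, error) {
	host, err := hostOf(rawURL)
	if err != nil {
		return false, err
	}
	return denyList[host], nil
}

// normalizeHost canonicalises a hostname before the lookup. DNS names are
// case-insensitive, and a single trailing dot only marks the name as fully
// qualified, so both variants collapse to the same key. Only one dot is
// removed: "host.." is not a valid name and should keep failing to match.
func normalizeHost(host string) string {
	return strings.TrimSuffix(strings.ToLower(host), ".")
}

// hardenedDenied performs the same lookup after normalisation, so the two
// bypass variants above hit the deny-list entry.
func hardenedDenied(rawURL string) (bool, error) {
	host, err := hostOf(rawURL)
	if err != nil {
		return false, err
	}
	return denyList[normalizeHost(host)], nil
}

func main() {
	for _, raw := range []string{
		"http://blocked.example.com/",  // exact match: both checks deny
		"http://blocked.example.com./", // trailing dot: naive check allows
		"http://BLOCKED.example.COM/",  // case change: naive check allows
		"http://Blocked.Example.Com./", // both tricks combined
	} {
		n, _ := naiveDenied(raw)
		h, _ := hardenedDenied(raw)
		fmt.Printf("%-30s naive_denied=%-5v hardened_denied=%v\n", raw, n, h)
	}
}
```

The normalisation has to be applied on both sides: an operator who writes a deny-list entry as `Blocked.Example.Com.` would otherwise reintroduce the mismatch from the configuration side, which is why the sample keeps its keys in canonical form.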

Exploit

Fix

SSRF

Weakness Enumeration

Related Identifiers

CVE-2022-24825
GHSA-GCJ7-J438-HJJ2
GO-2022-0429

Affected Products

Smokescreen