CVE-2022-25850

Name of the Vulnerable Software and Affected Versions github.com/hoppscotch/proxyscotch versions prior to 1.0.0

Description The issue occurs when an HTTP request is made by a backend server to an untrusted URL submitted by a user, leading to a leakage of sensitive information from the server. This happens when the interceptor mode is set to proxy.

Recommendations For versions prior to 1.0.0, update to version 1.0.0 or later to resolve the issue. As a temporary workaround, consider disabling the proxy interceptor mode until a patch is available. Restrict access to untrusted URLs to minimize the risk of exploitation.