PT-2022-17582 · Unknown · Link-Preview-Js

Reworr

Published

2022-07-01

Updated

2022-07-12

CVE-2022-25876

CVSS v3.1

6.2

Medium

Vector

AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions link-preview-js versions prior to 2.1.16

Description The issue allows attackers to send arbitrary requests to the local network and read the response due to flawed DNS rebinding protection, enabling Server-side Request Forgery (SSRF) attacks.

Recommendations For versions prior to 2.1.16, update to version 2.1.16 or later to resolve the issue. As a temporary workaround, consider restricting access to the local network to minimize the risk of exploitation.

Exploit

Fix

SSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-918

Related Identifiers

CVE-2022-25876

GHSA-H9CW-7G8J-H66H

SNYK-JS-LINKPREVIEWJS-2933520

Affected Products

Link-Preview-Js

PT-2022-17582 · Unknown · Link-Preview-Js

CVE-2022-25876

Weakness Enumeration

Related Identifiers

Affected Products

References · 9