PT-2022-19440 · Unknown · Smokescreen

Author: Axel Chong
Published: 2022-05-20
Updated: 2024-08-21
CVE: CVE-2022-29188
CVSS v2.0: 6.4 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions: Smokescreen versions prior to 0.0.4

Description: Smokescreen is an HTTP proxy designed to prevent server-side request forgery (SSRF) attacks. It also offers a deny list feature to restrict access to external URLs. An issue allowed attackers to bypass this deny list by surrounding the hostname with square brackets (e.g., [example.com]), so the bracketed form was not matched against the configured entries. The vulnerability only affected the HTTP proxy functionality; HTTPS requests were not affected.

Recommendations: Upgrade to Smokescreen version 0.0.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the HTTP proxy functionality until the patch is applied. Avoid using the deny list feature with hostnames surrounded by square brackets until the issue is resolved.
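The weakness above is a deny-list lookup that compares the host string exactly as it arrives, so a cosmetic variation of the name is not found. The following Go program is an added illustration and is not Smokescreen's code or its actual fix: it contrasts a naive exact-match lookup with one that canonicalises the host first. It goes slightly beyond the bracket case described on this page by also folding case, a trailing dot and IPv4-mapped IPv6 literals, since those are the same class of mismatch. The deny list entries and sample hosts are constructed for the demonstration, and the host is assumed to have had any port removed already.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"strings"
)

// Constructed deny list for this illustration (not Smokescreen's configuration).
var denyList = map[string]bool{
	"example.com":     true,
	"169.254.169.254": true,
	"::1":             true,
}

// naiveDenied matches the host exactly as it appears in the request, so a
// hostname wrapped in square brackets ("[example.com]") is not found.
func naiveDenied(host string) bool {
	return denyList[host]
}

// normalizeHost canonicalises a host before the deny-list lookup. Square
// brackets are only meaningful around an IPv6 literal; a bracketed value that
// does not parse as an IP address is reported as malformed instead of being
// treated as a new, unlisted hostname. The host is assumed to be port-free.
func normalizeHost(host string) (string, error) {
	h := strings.ToLower(strings.TrimSpace(host))
	if strings.HasPrefix(h, "[") && strings.HasSuffix(h, "]") {
		ip := net.ParseIP(h[1 : len(h)-1])
		if ip == nil {
			return "", errors.New("bracketed host is not an IP literal: " + host)
		}
		// ip.String() also collapses an IPv4-mapped address such as
		// ::ffff:169.254.169.254 to its dotted-quad form.
		return ip.String(), nil
	}
	h = strings.TrimSuffix(h, ".") // "example.com." names the same host as "example.com"
	if h == "" || strings.ContainsAny(h, "[]") {
		return "", errors.New("malformed host: " + host)
	}
	return h, nil
}

// normalizedDenied fails closed: a host that cannot be normalised is denied.
func normalizedDenied(host string) (bool, error) {
	h, err := normalizeHost(host)
	if err != nil {
		return true, err
	}
	return denyList[h], nil
}

func main() {
	samples := []string{"example.com", "[example.com]", "EXAMPLE.COM.", "[::1]", "[::ffff:169.254.169.254]", "allowed.example"}
	for _, h := range samples {
		denied, err := normalizedDenied(h)
		fmt.Printf("%-28s naive=%-5v normalized=%-5v err=%v\n", h, naiveDenied(h), denied, err)
	}
}
```

The point of the failing-closed branch is that an unparseable host never reaches the upstream connection: the proxy either matches a canonical name against the list or refuses the request, so there is no third path through which an unrecognised spelling is forwarded.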

Tags: Exploit, Fix, SSRF

Related Identifiers: CVE-2022-29188, GHSA-QWRF-GFPJ-QVJ6, GO-2022-0459

Affected Products: Smokescreen