PT-2023-18544 · Rsshub · Rsshub

Dwisiswant0 · Published 2023-01-11 · Updated 2023-03-07 · CVE-2023-22493

CVSS v3.1: 8.8 High
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:L

Name of the Vulnerable Software and Affected Versions

RSSHub (affected versions not specified)

Description

RSSHub is an open source RSS feed generator that is vulnerable to Server-Side Request Forgery (SSRF) attacks. This issue allows an attacker to send arbitrary HTTP requests from the server to other servers or resources on the network. An attacker can exploit this vulnerability by sending a request to the affected routes with a malicious URL, potentially gaining access to sensitive information that would not normally be accessible and amplifying the impact of the attack. For example, an attacker can use URL-encoded characters, such as %2F and %23, to modify the base URL and send requests to internal or other servers or resources on the network.
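
The base-URL manipulation described above, next to a parameter check that stops it, as an added example that is not RSSHub's code or its fix. The upstream domain `example.com`, the `/feed` path and all function names are assumptions, and the inputs are constructed.

```javascript
// Added example: hypothetical handler logic, not RSSHub's code.
const UPSTREAM_SUFFIX = '.example.com'; // assumed upstream domain
// One DNS label: letters, digits, inner hyphens; no dots, slashes or '#'.
const LABEL = /^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$/i;

// Vulnerable pattern: the decoded route parameter is spliced into the base URL.
function unsafeTarget(rawParam) {
  const sub = decodeURIComponent(rawParam);
  return new URL(`https://${sub}${UPSTREAM_SUFFIX}/feed`);
}

// Hardened form: validate the decoded value, then re-check the parsed URL.
function safeTarget(rawParam) {
  let sub;
  try {
    sub = decodeURIComponent(rawParam);
  } catch {
    throw new Error('malformed percent-encoding');
  }
  if (!LABEL.test(sub)) {
    throw new Error(`parameter is not a single host label: ${JSON.stringify(sub)}`);
  }
  const url = new URL(`https://${sub}${UPSTREAM_SUFFIX}/feed`);
  // Defence in depth: the parser's view of the host must match the intent.
  if (url.hostname !== `${sub.toLowerCase()}${UPSTREAM_SUFFIX}` || url.pathname !== '/feed') {
    throw new Error(`unexpected target: ${url.href}`);
  }
  return url;
}

// Returns the host each builder would contact, or the rejection reason.
function compare(rawParam) {
  const result = { unsafeHost: unsafeTarget(rawParam).hostname };
  try {
    result.safeHost = safeTarget(rawParam).hostname;
  } catch (err) {
    result.rejected = err.message;
  }
  return result;
}

// Constructed inputs: a normal value and the %2F/%23 case from the description.
for (const p of ['blog', 'internal.test%2F%23']) {
  console.log(p, compare(p));
}
```

In the second input the decoded `/` ends the host and the decoded `#` turns the intended domain and path into a fragment, so the unsafe builder contacts `internal.test` while the hardened one rejects the parameter.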

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

SSRF

Weakness Enumeration

Related Identifiers

CVE-2023-22493
GHSA-64WP-JH9P-5CG2

Affected Products

Rsshub