PT-2023-19714 · Unknown · Safeurl-Python

Includesec-Kris · Published 2023-01-27 · Updated 2025-03-28 · CVE-2023-24622

CVSS v4.0: 6.9 (Medium)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: safeurl-python versions prior to 1.2

Description: The issue arises from an insufficiently restrictive regular expression in the isInList function of the safeurl-python package, leading to a Server-Side Request Forgery (SSRF) vulnerability. The regex used, re.match("(?i)^%s" % domain, value), has two problems: it anchors only the beginning of the string and not the end, and the dot in the domain is a regex metacharacter, so it matches any character. Together these allow an attacker to bypass domain restrictions; for example, an allowlist of ["victim.com"] could be bypassed to request "victimacomattacker.com". The impact is lower than that of a typical SSRF, since such attacks usually target internal resources, but it could be more severe where SafeURL is used to limit requests to a specific allowlist.

Recommendations: For versions prior to 1.2, update to version 1.2 or later to fix the issue. As a temporary workaround, review and manually validate the domains allowed by the isInList function to minimize the risk of exploitation, and restrict access to sensitive internal resources to limit the effect of any SSRF.
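Added example, not part of this advisory or of safeurl-python's own code: the pre-1.2 pattern quoted in the description next to an illustrative hardened check, both run over constructed hostnames that include the advisory's bypass example. The function names, the allowlist and the sample hostnames are assumptions made for the demonstration.

```python
import re

# Constructed sample allowlist, taken from the advisory's own example
ALLOWLIST = ["victim.com"]


def is_in_list_flawed(value: str, domains: list[str]) -> bool:
    """Reproduces the pre-1.2 check described in the advisory: the pattern
    is anchored only at the start, and the unescaped dot in the allowlist
    entry is a regex metacharacter that matches any single character."""
    return any(re.match("(?i)^%s" % d, value) for d in domains)


def is_in_list_fixed(value: str, domains: list[str]) -> bool:
    """Illustrative hardened check (an assumption, not the project's fix):
    re.escape makes the dot literal, and re.fullmatch requires the whole
    hostname to match so nothing may trail the allowed domain."""
    return any(re.fullmatch(re.escape(d), value, re.IGNORECASE) for d in domains)


def compare(hostnames: list[str]) -> dict[str, tuple[bool, bool]]:
    """Return {hostname: (pre-1.2 result, hardened result)} for each input,
    so the two checks can be contrasted on the same data."""
    return {
        h: (is_in_list_flawed(h, ALLOWLIST), is_in_list_fixed(h, ALLOWLIST))
        for h in hostnames
    }


if __name__ == "__main__":
    # Constructed inputs: a legitimate host, a case variant, and the
    # advisory's bypass example (only the hardened check rejects the last).
    samples = ["victim.com", "VICTIM.com", "victimacomattacker.com"]
    for host, (flawed, fixed) in compare(samples).items():
        print(f"{host:26} pre-1.2 allows={flawed!s:5}  hardened allows={fixed}")
```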

Tags: Exploit · Fix · SSRF

Related Identifiers

CVE-2023-24622
GHSA-JGH8-VCHW-Q3G7
GHSA-RW83-V3PW-M362
PYSEC-2023-298

Affected Products

Safeurl-Python