CVE-2023-24623

Name of the Vulnerable Software and Affected Versions Paranoidhttp versions prior to 0.3.0

Description The issue allows for Server-Side Request Forgery (SSRF) because the [::] address is equivalent to 127.0.0.1, but it does not match the filter for private addresses. This occurs due to the way Paranoidhttp handles IPv6 addresses, specifically the loopback address [::].

Recommendations For versions prior to 0.3.0, update to version 0.3.0 or later to resolve the issue. As a temporary workaround, consider restricting access to private addresses to minimize the risk of SSRF exploitation.