PT-2023-22513 · Imgproxy
Published: 2023-05-08 · Updated: 2024-08-20 · CVE-2023-30019
CVSS v3.1: 5.3 (Medium)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
imgproxy versions 3.14.0 and earlier (all versions prior to 3.15.0)
Description
The issue is a Server-Side Request Forgery (SSRF) caused by a lack of sanitization of the imageURL parameter, which makes the vulnerability potentially exploitable.
Recommendations
For imgproxy versions 3.14.0 and earlier (all versions prior to 3.15.0), update to version 3.15.0 or later to resolve the issue.
As a temporary workaround, consider restricting access to the imageURL parameter to minimize the risk of exploitation.
Weakness Enumeration: SSRF
Affected Products: Imgproxy