CVE-2023-27163

Name of the Vulnerable Software and Affected Versions request-baskets versions up to v1.2.1

Description The issue is related to a Server-Side Request Forgery (SSRF) vulnerability via the component "/api/baskets/{name}". This allows attackers to access network resources and sensitive information by sending a crafted API request. The vulnerability is due to insufficient validation of incoming requests when handling the {name} parameter.

Recommendations For request-baskets versions up to v1.2.1, as a temporary workaround, consider disabling the /api/baskets/{name} endpoint until a patch is available. Restrict access to this endpoint to minimize the risk of exploitation. Avoid using the {name} parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.