PT-2023-5343 · Librey · Librey

Ouuan · Published 2023-09-04 · Updated 2023-09-08 · CVE-2023-41055

CVSS v2.0: 7.8 High · Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions: LibreY versions prior to commit be59098abd119cda70b15bf3faac596dfd39a744
Description: Server-Side Request Forgery (SSRF) in engines/google/text.php and engines/duckduckgo/text.php. The value of the wikipedia language cookie is used to construct the target of an outbound HTTP GET request, so a remote attacker who sets that cookie to a crafted value can make the server send GET requests to arbitrary hosts. Because the attacker chooses the target, they can also point the server at large files and force it to download them; repeated requests degrade performance and can deny access to legitimate users (Denial-of-Service, DoS).
Recommendations: For versions prior to commit be59098abd119cda70b15bf3faac596dfd39a744, update to that commit or later (the current latest commit resolves the issue). As a temporary workaround, restrict access to engines/google/text.php and engines/duckduckgo/text.php to reduce exposure, and do not rely on the wikipedia language cookie in the affected endpoints until the fix is deployed.
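The following is an added illustration written for this page; it is not LibreY's code and not the fix commit referenced above. It shows the general shape of the bug the description points at (a cookie value spliced into the host part of an outbound URL) next to one way to close it. The function names, the regex allowlist, the curl option set and the sample cookie values are all assumptions or constructed inputs, not details taken from the advisory.

```php
<?php
// Added example (hypothetical code, not LibreY's): an unvalidated language value
// spliced into a hostname turns a Wikipedia lookup into an SSRF, and a guard
// plus bounded outbound-request options close it. Requires ext-curl only for
// wikipedia_curl_options(); everything else runs offline.

declare(strict_types=1);

// Vulnerable pattern: the cookie value becomes part of the host name verbatim.
function wikipedia_api_url_unchecked(string $lang, string $title): string
{
    return "https://" . $lang . ".wikipedia.org/w/api.php"
         . "?action=query&format=json&titles=" . rawurlencode($title);
}

// Hardened pattern: accept only something that looks like a Wikipedia language
// subdomain; anything else falls back to the default instead of reaching the
// URL builder. Assumption: codes such as "en", "de", "zh-yue", "simple".
function wikipedia_language_or_default(?string $cookie, string $default = "en"): string
{
    if ($cookie !== null && preg_match('/^[a-z]{2,12}(-[a-z]{2,12})?$/', $cookie) === 1) {
        return $cookie;
    }
    return $default;
}

function wikipedia_api_url_checked(?string $cookie, string $title): string
{
    $lang = wikipedia_language_or_default($cookie);
    return "https://" . $lang . ".wikipedia.org/w/api.php"
         . "?action=query&format=json&titles=" . rawurlencode($title);
}

// Outbound-request options that bound what a misdirected fetch can cost:
// HTTPS only, no redirects, short timeouts, and a response-size cap so a
// large file cannot tie up the worker (the DoS angle of the advisory).
function wikipedia_curl_options(string $url): array
{
    return [
        CURLOPT_URL             => $url,
        CURLOPT_RETURNTRANSFER  => true,
        CURLOPT_PROTOCOLS       => CURLPROTO_HTTPS,
        CURLOPT_REDIR_PROTOCOLS => CURLPROTO_HTTPS,
        CURLOPT_FOLLOWLOCATION  => false,
        CURLOPT_CONNECTTIMEOUT  => 3,
        CURLOPT_TIMEOUT         => 5,
        CURLOPT_MAXFILESIZE     => 1024 * 1024, // 1 MiB, assumed budget
    ];
}

// Constructed cookie values (not from the advisory). The last two show why a
// hostname prefix is dangerous: "#" turns the rest of the URL into a fragment
// and "?" turns it into a query string, so the request goes elsewhere.
$samples = [
    "en",
    "zh-yue",
    "attacker.example/large.bin#",
    "127.0.0.1:8080/admin?x=",
];

foreach ($samples as $cookie) {
    printf("cookie=%s\n", $cookie);
    printf("  unchecked: %s\n", wikipedia_api_url_unchecked($cookie, "SSRF"));
    printf("  checked:   %s\n", wikipedia_api_url_checked($cookie, "SSRF"));
}

if (extension_loaded('curl')) {
    $opts = wikipedia_curl_options(wikipedia_api_url_checked("en", "SSRF"));
    printf("curl options set: %d (max file size %d bytes)\n",
           count($opts), $opts[CURLOPT_MAXFILESIZE]);
}
```

For the third sample the unchecked builder yields a URL whose host is attacker.example and whose ".wikipedia.org/w/api.php..." suffix lands in the fragment, which the client never sends; for the fourth it lands in the query string of a request to 127.0.0.1:8080. The checked builder maps both to en.wikipedia.org. The allowlist is the real fix; the curl options are defence in depth that also limits the large-download DoS even if another path reaches the fetch.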

Exploit

Fix

SSRF

Weakness Enumeration

Related Identifiers

BDU:2023-05971
CVE-2023-41055
GHSA-XFJ6-4VP9-8RGC

Affected Products

Librey