PT-2024-29579 · Txtdot · Txtdot

Ouuan · Published 2024-07-26 · Updated 2024-09-30 · CVE-2024-41812

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

txtdot versions prior to 1.7.0
txtdot version 1.7.0

Description

A Server-Side Request Forgery (SSRF) vulnerability in the /get route allows remote attackers to use the server as a proxy to send HTTP GET requests to arbitrary targets and retrieve information from the internal network.

Recommendations

For versions prior to 1.7.0, update to version 1.7.0 or later. For version 1.7.0, place a firewall between txtdot and other internal network resources to prevent exploitation.

Exploit · Fix · SSRF

Weakness Enumeration

Related Identifiers

CVE-2024-41812
GHSA-4GJ5-XJ97-J8FP

Affected Products

Txtdot