Name of the Vulnerable Software and Affected Versions:

ssrfcheck versions prior to 1.2.0

Description:

The package is vulnerable to Server-Side Request Forgery (SSRF) due to an incomplete denylist of IP address ranges. The package fails to classify the reserved IP address space 224.0.0.0/4 (Multicast) as invalid, allowing attackers to craft requests targeting these multicast addresses.

Recommendations:

Update to ssrfcheck version 1.2.0 or later.