CVE-2024-41812

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-41812

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-41812.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-41812

Aliases

GHSA-4gj5-xj97-j8fp

Published

2024-07-26T17:15:12Z

Modified

2024-07-29T16:03:48.506528Z

Summary

[none]

Details

txtdot is an HTTP proxy that parses only text, links, and pictures from pages, removing ads and heavy scripts. Prior to version 1.7.0, a Server-Side Request Forgery (SSRF) vulnerability in the /get route of txtdot allows remote attackers to use the server as a proxy to send HTTP GET requests to arbitrary targets and retrieve information in the internal network. Version 1.7.0 prevents displaying the response of forged requests, but the requests can still be sent. For complete mitigation, a firewall between txtdot and other internal network resources should be set.

References

Affected packages

Git / github.com/txtdot/txtdot

Affected ranges

Type: GIT
Repo: https://github.com/txtdot/txtdot
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

7c72d985f7a26ec1fd3cf628444717ca54986d2d

Affected versions

1.*

1.0.0

v1.*

v1.1.0

v1.1.1

v1.2.0

v1.3.0

v1.3.1

v1.4.0

v1.5.0

v1.5.1

v1.5.2

v1.5.3

v1.6.0

v1.6.1