CVE-2024-41813

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-41813

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-41813.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-41813

Aliases

GHSA-4c78-229v-hf6m

Published

2024-07-26T17:15:12Z

Modified

2024-07-29T16:03:48.836931Z

Summary

[none]

Details

txtdot is an HTTP proxy that parses only text, links, and pictures from pages, removing ads and heavy scripts. Starting in version 1.4.0 and prior to version 1.6.1, a Server-Side Request Forgery (SSRF) vulnerability in the /proxy route of txtdot allows remote attackers to use the server as a proxy to send HTTP GET requests to arbitrary targets and retrieve information in the internal network. Version 1.6.1 patches the issue.

References

Affected packages

Git / github.com/txtdot/txtdot

Affected ranges

Type: GIT
Repo: https://github.com/txtdot/txtdot
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

f241a46e05b148a39b84bf956051b5aaa489949e

Affected versions

1.*

1.0.0

v1.*

v1.1.0

v1.1.1

v1.2.0

v1.3.0

v1.3.1

v1.4.0

v1.5.0

v1.5.1

v1.5.2

v1.5.3

v1.6.0