Versions of the package nossrf before 1.0.4 are vulnerable to Server-Side Request Forgery (SSRF), where an attacker can provide a hostname that resolves to a local or reserved IP address space and bypass the SSRF protection mechanism.
{
"github_reviewed_at": "2025-03-25T16:30:30Z",
"nvd_published_at": "2025-03-23T15:15:13Z",
"github_reviewed": true,
"cwe_ids": [
"CWE-918"
],
"severity": "HIGH"
}