A bypass has been identified for the previously known vulnerability CVE-2017-0929, allowing unauthenticated attackers to execute arbitrary GET requests against target systems, including internal or adjacent networks.
This vulnerability facilitates a semi-blind SSRF attack, allowing attackers to make the target server send requests to internal or external URLs without viewing the full responses. Potential impacts include internal network reconnaissance, bypassing firewalls.
{ "nvd_published_at": "2025-04-09T16:15:25Z", "cwe_ids": [ "CWE-918" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2025-04-09T12:58:28Z" }