GHSA-3v3c-r5v2-68ph

Source

https://github.com/advisories/GHSA-3v3c-r5v2-68ph

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2017/11/GHSA-3v3c-r5v2-68ph/GHSA-3v3c-r5v2-68ph.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-3v3c-r5v2-68ph

Aliases

CVE-2017-0909

Published

2017-11-30T23:14:55Z

Modified

2024-12-06T05:34:39.948583Z

Summary

private_address_check contains Incomplete List of Disallowed Inputs

Details

The privateaddresscheck ruby gem before 0.4.1 is vulnerable to a bypass due to an incomplete blacklist of common private/local network addresses used to prevent server-side request forgery.

Database specific

{
    "nvd_published_at": null,
    "cwe_ids": [
        "CWE-184"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T20:56:20Z"
}

References

Affected packages

RubyGems / private_address_check

Package

Name: private_address_check
Purl: pkg:gem/private_address_check

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.4.1

Affected versions

0.*

0.1.0

0.2.0

0.3.0

0.4.0