GHSA-58g2-vgpg-335q

Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/03/GHSA-58g2-vgpg-335q/GHSA-58g2-vgpg-335q.json
Aliases
  • CVE-2023-27163
Published
2023-03-31T21:30:39Z
Modified
2023-04-07T22:47:43Z
Details

request-baskets up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/baskets/{name}. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request.

References

Affected packages

Go / github.com/darklynx/request-baskets

github.com/darklynx/request-baskets

Affected ranges

Type
SEMVER
Events
Introduced
0
Last affected
1.2.1

Affected versions