CVE-2022-25850 Information
Jun 07, 2022
cve
Description
The package github.com/hoppscotch/proxyscotch before 1.0.0 are vulnerable to Server-side Request Forgery (SSRF) when interceptor mode is set to proxy. It occurs when an HTTP request is made by a backend server to an untrusted URL submitted by a user. It leads to a leakage of sensitive information from the server.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Reference
https://github.com/hoppscotch/proxyscotch/commit/de67380f62f907f201d75854b76024ba4885fab7 https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMHOPPSCOTCHPROXYSCOTCH-2435228
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
NONE
Base Score
NONE
Base Severity
7.5
Share on: