CVE-2017-0909

EPSS 0.34%
Veröffentlicht 16.11.2017 22:29:00
Zuletzt bearbeitet 20.04.2025 01:37:25
Quelle support@hackerone.com
CVE-Watchlists
Login
Unerledigt
Login

The private_address_check ruby gem before 0.4.1 is vulnerable to a bypass due to an incomplete blacklist of common private/local network addresses used to prevent server-side request forgery.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Private Address Check Project ≫ Private Address Check SwPlatformruby Version < 0.4.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.34%	0.562

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-184 Incomplete List of Disallowed Inputs

The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are not allowed by policy or otherwise require other action to neutralize before additional processing takes place, but the list is incomplete.

https://github.com/jtdowney/private_address_check/pull/3

Third Party Advisory

Issue Tracking

https://hackerone.com/reports/288950

Patch

Third Party Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2017-0909

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-0909

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-0909

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2017-0909