{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/got/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["@karakeep/sdk (\u003c= 0.31.0)","got"],"_cs_severities":["high"],"_cs_tags":["ssrf","karakeep","metascraper","web-application"],"_cs_type":"advisory","_cs_vendors":["npm"],"content_html":"\u003cp\u003eThe Karakeep SDK is vulnerable to Server-Side Request Forgery (SSRF) due to the \u003ccode\u003emetascraper-logo-favicon\u003c/code\u003e plugin (v5.49.5) not being subject to the application\u0026rsquo;s \u003ccode\u003evalidateUrl()\u003c/code\u003e function. This function, which is normally used to protect against SSRF, is bypassed when fetching favicon URLs from \u003ccode\u003e\u0026lt;link rel=\u0026quot;icon\u0026quot;\u0026gt;\u003c/code\u003e tags within HTML content. An attacker can exploit this by creating a bookmark with a URL pointing to a malicious page. This page contains \u003ccode\u003e\u0026lt;link rel=\u0026quot;icon\u0026quot;\u0026gt;\u003c/code\u003e tags with \u003ccode\u003ehref\u003c/code\u003e attributes pointing to internal or private network addresses. When the server fetches the page, it will then make requests to these internal URLs without proper validation, potentially exposing sensitive information or allowing unauthorized access to internal resources. 
This vulnerability was introduced by the lack of validation in the \u003ccode\u003eparseHtmlSubprocess.ts\u003c/code\u003e file.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker crafts a malicious HTML page with \u003ccode\u003e\u0026lt;link rel=\u0026quot;icon\u0026quot;\u0026gt;\u003c/code\u003e tags containing internal or private IP addresses (e.g., \u003ccode\u003e127.0.0.1\u003c/code\u003e, \u003ccode\u003e169.254.169.254\u003c/code\u003e, \u003ccode\u003e192.168.1.1\u003c/code\u003e) in the \u003ccode\u003ehref\u003c/code\u003e attribute.\u003c/li\u003e\n\u003cli\u003eThe attacker hosts this malicious HTML page on a publicly accessible server (e.g., \u003ccode\u003ehttps://attacker.example.com/ssrf.html\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eA Karakeep user, authenticated and authorized to create bookmarks, creates a new bookmark with the URL of the malicious HTML page.\u003c/li\u003e\n\u003cli\u003eThe Karakeep server fetches the HTML content of the bookmarked page using \u003ccode\u003efetchWithProxy()\u003c/code\u003e. 
This initial request passes through the \u003ccode\u003evalidateUrl()\u003c/code\u003e function, ensuring the main URL is a valid public address.\u003c/li\u003e\n\u003cli\u003eThe fetched HTML content is passed to the \u003ccode\u003eparseHtmlSubprocess.ts\u003c/code\u003e script, which uses \u003ccode\u003emetascraper-logo-favicon\u003c/code\u003e to parse the HTML and extract favicon URLs from the \u003ccode\u003e\u0026lt;link rel=\u0026quot;icon\u0026quot;\u0026gt;\u003c/code\u003e tags.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003emetascraper-logo-favicon\u003c/code\u003e extracts the malicious URLs from the \u003ccode\u003ehref\u003c/code\u003e attributes of the \u003ccode\u003e\u0026lt;link rel=\u0026quot;icon\u0026quot;\u0026gt;\u003c/code\u003e tags.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003ereachable-url\u003c/code\u003e library, which is built on \u003ccode\u003egot\u003c/code\u003e, is used to make HTTP GET requests to the extracted favicon URLs \u003cem\u003ewithout\u003c/em\u003e any SSRF validation. Because \u003ccode\u003egot\u003c/code\u003e follows redirects by default, a public favicon URL that redirects to an internal address reaches it just the same.\u003c/li\u003e\n\u003cli\u003eThe Karakeep server makes HTTP GET requests to the attacker-specified internal or private IP addresses, bypassing the intended SSRF protections, potentially leaking sensitive information or allowing unauthorized access.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this SSRF vulnerability allows an attacker to force the Karakeep server to make requests to internal services and resources. This can result in the exposure of sensitive information such as cloud metadata (e.g., AWS IAM credentials via \u003ccode\u003ehttp://169.254.169.254/latest/meta-data/\u003c/code\u003e on instances where IMDSv1 is still enabled, since IMDSv2 requires a token header that a plain GET does not carry), internal service discovery, and redirection-based data leaks. 
The application\u0026rsquo;s intended SSRF protections are rendered ineffective, potentially leading to full compromise of the Karakeep instance and its associated data.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeploy the accompanying Sigma rule to detect HTTP requests originating from the Karakeep server to internal IP addresses, indicating potential SSRF exploitation (log source: \u003ccode\u003enetwork_connection\u003c/code\u003e, rule title: \u0026ldquo;Detect Karakeep SSRF to Internal IPs\u0026rdquo;). Because \u003ccode\u003evalidateUrl()\u003c/code\u003e already rejects internal bookmark URLs, a legitimate favicon fetch never targets these ranges, so any match is worth triaging.\u003c/li\u003e\n\u003cli\u003eImplement the suggested fix by adding URL validation hooks to the \u003ccode\u003egotOpts\u003c/code\u003e within \u003ccode\u003emetascraperLogo\u003c/code\u003e in \u003ccode\u003eapps/workers/scripts/parseHtmlSubprocess.ts\u003c/code\u003e, ensuring that all favicon URLs are validated by \u003ccode\u003evalidateUrl()\u003c/code\u003e before being requested. The check must run before the initial request and again on every redirect hop (the \u003ccode\u003ebeforeRequest\u003c/code\u003e and \u003ccode\u003ebeforeRedirect\u003c/code\u003e hooks in \u003ccode\u003egot\u003c/code\u003e); otherwise a public favicon URL that redirects to an internal address still gets through.\u003c/li\u003e\n\u003cli\u003eUpgrade the \u003ccode\u003e@karakeep/sdk\u003c/code\u003e package to a version greater than 0.31.0 to incorporate any official patches addressing this vulnerability (affected product: \u003ccode\u003e@karakeep/sdk\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eMonitor outbound network traffic from the Karakeep server for connections to loopback (127.0.0.0/8), internal IP ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) and the cloud metadata endpoint (169.254.169.254, used by AWS and other providers) (IOCs).\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-14T18:27:42Z","date_published":"2026-05-14T18:27:42Z","id":"https://feed.craftedsignal.io/briefs/2026-05-karakeep-ssrf/","summary":"Karakeep SDK is vulnerable to SSRF via the `metascraper-logo-favicon` plugin, which bypasses intended SSRF protections by making HTTP requests to URLs extracted from attacker-controlled HTML `\u003clink rel=\"icon\"\u003e` tags, allowing authenticated users to trigger server-side requests to arbitrary internal URLs.","title":"Karakeep SDK 
SSRF via metascraper-logo-favicon","url":"https://feed.craftedsignal.io/briefs/2026-05-karakeep-ssrf/"}],"language":"en","title":"CraftedSignal Threat Feed — Got","version":"https://jsonfeed.org/version/1.1"}
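The favicon fetch path from the attack chain above, side by side with the `gotOpts` hook fix from the recommendations, as an added TypeScript example. This is not Karakeep's, metascraper-logo-favicon's or got's own code: `isInternalHost`, `validateUrl`, `extractFaviconUrls`, `hardenedGotOptions`, `hooksAccept`, `planFaviconRequests` and `redirectAllowed` are names chosen here, the page URL and HTML are constructed, and the block models the HTTP client rather than importing `got`, so it runs offline. The hook shape it relies on (`hooks.beforeRequest` and `hooks.beforeRedirect` receiving an options object whose `url` is a `URL`) is got's real API.

```typescript
/** Constructed sample (not a real site): the attacker's page from step 1 of the chain above. */
export const SAMPLE_PAGE_URL = "https://attacker.example.com/ssrf.html";
export const SAMPLE_HTML = `<!doctype html><html><head>
<link rel="icon" href="http://169.254.169.254/latest/meta-data/iam/security-credentials/">
<link rel="shortcut icon" href="http://127.0.0.1:3000/">
<link rel='icon' href='//192.168.1.1/admin'>
<link rel="icon" href="/favicon.ico">
<link rel="stylesheet" href="http://10.0.0.5/style.css">
</head><body>bait</body></html>`;

/** True for hosts a server-side favicon probe must never contact. Literal addresses only: a
 *  hostname that merely resolves to an internal address needs a resolution-time check as well. */
export function isInternalHost(hostname: string): boolean {
  const host = hostname.toLowerCase().replace(/^\[|\]$/g, ""); // strip IPv6 brackets
  if (host === "localhost" || /\.localhost$/.test(host)) return true;
  // IPv4-mapped IPv6 (::ffff:10.0.0.5); the WHATWG URL parser serialises it as hex ([::ffff:a00:5])
  const mapped = /^::ffff:(?:(\d+\.\d+\.\d+\.\d+)|([0-9a-f]{1,4}):([0-9a-f]{1,4}))$/.exec(host);
  const hi = mapped && mapped[2] ? parseInt(mapped[2], 16) : 0;
  const lo = mapped && mapped[3] ? parseInt(mapped[3], 16) : 0;
  const v4 = !mapped ? host : mapped[1] ? mapped[1] : `${hi >> 8}.${hi & 255}.${lo >> 8}.${lo & 255}`;
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(v4);
  if (m) {
    const a = Number(m[1]);
    const b = Number(m[2]);
    return (
      a === 0 || a === 10 || a === 127 || // 0.0.0.0/8, 10.0.0.0/8, 127.0.0.0/8
      (a === 169 && b === 254) || // 169.254.0.0/16 link-local, incl. cloud metadata
      (a === 172 && b >= 16 && b <= 31) || // 172.16.0.0/12
      (a === 192 && b === 168) // 192.168.0.0/16
    );
  }
  // IPv6 literal: unspecified, loopback, unique-local fc00::/7, link-local fe80::/10
  if (host.indexOf(":") !== -1) return host === "::" || host === "::1" || /^f[cd]/.test(host) || /^fe[89ab]/.test(host);
  return false;
}

/** Stand-in for the application's validateUrl(): returns the parsed URL or throws. */
export function validateUrl(raw: string): URL {
  let url: URL | undefined;
  try { url = new URL(raw); } catch { /* reported below */ } // WHATWG parsing also turns 0x7f000001 or 0177.0.0.1 into 127.0.0.1
  if (!url) throw new Error(`unparsable url: ${raw}`);
  if (url.protocol !== "http:" && url.protocol !== "https:") throw new Error(`blocked scheme: ${url.protocol}`);
  if (isInternalHost(url.hostname)) throw new Error(`blocked internal host: ${url.hostname}`);
  return url;
}

/** One attribute value from a single <link ...> tag (double-, single- or unquoted). */
function attr(tag: string, name: string): string | undefined {
  const m = new RegExp(`\\b${name}\\s*=\\s*(?:"([^"]*)"|'([^']*)'|([^\\s"'>]+))`, "i").exec(tag);
  return m ? m[1] ?? m[2] ?? m[3] : undefined;
}

/** What the favicon plugin hands to the HTTP client: every <link> whose rel carries the "icon" token, resolved against the page URL. */
export function extractFaviconUrls(html: string, pageUrl: string): string[] {
  const out: string[] = [];
  const linkTag = /<link\b[^>]*>/gi;
  let m: RegExpExecArray | null;
  while ((m = linkTag.exec(html)) !== null) {
    const rel = attr(m[0], "rel");
    const href = attr(m[0], "href");
    if (!rel || !href || rel.toLowerCase().split(/\s+/).indexOf("icon") === -1) continue;
    try { out.push(new URL(href, pageUrl).href); } catch { /* unparsable href: nothing to fetch */ }
  }
  return out;
}

/** The slice of got's Options the hooks read; got (>= 11) exposes options.url as a URL object. */
export interface GotLikeOptions { url: URL }
export type RequestHook = (options: GotLikeOptions) => void;

/** Hooks to merge into the favicon fetch's gotOpts: the same check before the first request and
 *  before every redirect hop, because got follows redirects by default. */
export function hardenedGotOptions(): { hooks: { beforeRequest: RequestHook[]; beforeRedirect: RequestHook[] } } {
  const check: RequestHook = (options) => { validateUrl(options.url.href); };
  return { hooks: { beforeRequest: [check], beforeRedirect: [check] } };
}

/** Runs a hook list the way got does before a request or redirect; false means a hook threw and the request is refused. */
export function hooksAccept(hooks: RequestHook[], url: URL): boolean {
  try { hooks.forEach((hook) => hook({ url })); return true; } catch { return false; }
}

/** Vulnerable path: every extracted candidate is fetched. Hardened path: only candidates the
 *  beforeRequest hooks accept are fetched. No network is touched here. */
export function planFaviconRequests(html: string, pageUrl: string): { allowed: string[]; blocked: string[] } {
  const plan = { allowed: [] as string[], blocked: [] as string[] };
  const { beforeRequest } = hardenedGotOptions().hooks;
  for (const candidate of extractFaviconUrls(html, pageUrl)) {
    (hooksAccept(beforeRequest, new URL(candidate)) ? plan.allowed : plan.blocked).push(candidate);
  }
  return plan;
}

/** What the beforeRedirect hook decides when a public favicon answers 3xx with this Location header. */
export function redirectAllowed(location: string, fromUrl: string): boolean {
  return hooksAccept(hardenedGotOptions().hooks.beforeRedirect, new URL(location, fromUrl));
}
```

On the constructed page the unvalidated path would request all four favicon candidates, including the metadata endpoint, the loopback service and the scheme-relative `//192.168.1.1/admin` (which resolves to `https://192.168.1.1/admin` against the page); the hardened path keeps only `https://attacker.example.com/favicon.ico`. The `beforeRedirect` hook is what closes the redirect case: a public favicon URL that answers with a `Location` pointing at 169.254.169.254 passes the first check and is refused on the hop. The check is deliberately a literal-address check and not a DNS check; a hostname that resolves to an internal address still has to be rejected at connect time (in got, through its `dnsLookup` option or an agent that refuses private destinations), and the same `isInternalHost` predicate is the condition the `network_connection` monitoring in the recommendations is looking for.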