{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/guarddog--1.0.0--2.9.0/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["guarddog (\u003e= 1.0.0, \u003c= 2.9.0)","github.com"],"_cs_severities":["high"],"_cs_tags":["ssrf","credential-access","github"],"_cs_type":"advisory","_cs_vendors":["GitHub","pip"],"content_html":"\u003cp\u003eGuardDog, a dependency analysis tool, is vulnerable to Server-Side Request Forgery (SSRF) due to a flaw in its remote project scanning functionality. Specifically, versions 1.0.0 through 2.9.0 are affected. The vulnerability arises from the \u003ccode\u003eProjectScanner.scan_remote()\u003c/code\u003e function, which blindly rewrites URLs without proper validation. By crafting a malicious URL that includes an attacker-controlled hostname, an attacker can redirect requests to an arbitrary server. This includes the potential for the GuardDog instance to send its configured GitHub credentials (\u003ccode\u003eGH_TOKEN\u003c/code\u003e) via HTTP Basic Authentication to the attacker\u0026rsquo;s server. This vulnerability allows attackers to steal GitHub PATs, perform SSRF against internal services, and control the content of dependency files. This issue was assigned CVE-2026-44971.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies a GuardDog instance scanning a repository URL they can influence.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious repository URL, embedding an attacker-controlled hostname (e.g., \u003ccode\u003ehttp://github@127.0.0.1:18081/owner/repo\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eGuardDog\u0026rsquo;s \u003ccode\u003eProjectScanner.scan_remote()\u003c/code\u003e function receives the attacker-controlled URL.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003escan_remote()\u003c/code\u003e function performs a blind string replacement, transforming \u0026ldquo;github\u0026rdquo; to \u0026ldquo;raw.githubusercontent\u0026rdquo;, resulting in a URL like \u003ccode\u003ehttp://raw.githubusercontent@127.0.0.1:18081/owner/repo/main/requirements.txt\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003erequests.get()\u003c/code\u003e function interprets the URL as a request to \u003ccode\u003e127.0.0.1:18081\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eGuardDog includes the configured \u003ccode\u003eGH_TOKEN\u003c/code\u003e as HTTP Basic Authentication credentials in the request\u0026rsquo;s \u003ccode\u003eAuthorization\u003c/code\u003e header.\u003c/li\u003e\n\u003cli\u003eThe attacker\u0026rsquo;s server receives the request, logging the \u003ccode\u003eAuthorization\u003c/code\u003e header and requested path.\u003c/li\u003e\n\u003cli\u003eThe attacker extracts the \u003ccode\u003eGH_TOKEN\u003c/code\u003e from the captured \u003ccode\u003eAuthorization\u003c/code\u003e header or influences the dependency file content.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation can lead to several critical consequences. The primary risk is the theft of the GitHub Personal Access Token (PAT) configured in the \u003ccode\u003eGH_TOKEN\u003c/code\u003e environment variable, allowing the attacker to impersonate the GuardDog instance and access its GitHub resources. Additionally, the SSRF vulnerability enables attacks against internal or localhost services reachable by the scanner, potentially compromising sensitive internal systems. Finally, the attacker can control the content of dependency files, leading to supply chain attacks.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect GuardDog GH_TOKEN Exfiltration Attempt\u003c/code\u003e to identify potential exfiltration attempts by monitoring network connections to non-GitHub hosts using the GitHub token.\u003c/li\u003e\n\u003cli\u003eApply the suggested fix outlined in the advisory: parse the input URL, require \u003ccode\u003ehostname == \u0026quot;github.com\u0026quot;\u003c/code\u003e, validate the path shape, build the raw URL from parsed components instead of string replacement, and never send GitHub credentials to non-GitHub hosts.\u003c/li\u003e\n\u003cli\u003eUpgrade GuardDog to a version beyond 2.9.0 to remediate CVE-2026-44971.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-11T14:46:44Z","date_published":"2026-05-11T14:46:44Z","id":"https://feed.craftedsignal.io/briefs/2026-05-guarddog-ssrf/","summary":"GuardDog versions 1.0.0 through 2.9.0 are vulnerable to Server-Side Request Forgery (SSRF) and potential `GH_TOKEN` exfiltration due to a blind URL rewrite in remote project scanning; an attacker can influence the scanned repository URL to trigger SSRF and capture the `GH_TOKEN` used by GuardDog.","title":"GuardDog SSRF and GH_TOKEN Exfiltration via Blind URL Rewrite (CVE-2026-44971)","url":"https://feed.craftedsignal.io/briefs/2026-05-guarddog-ssrf/"}],"language":"en","title":"CraftedSignal Threat Feed — Guarddog (\u003e= 1.0.0, \u003c= 2.9.0)","version":"https://jsonfeed.org/version/1.1"}