Skip to content
Threat Feed

Product

Ssrfcheck (<= 1.3.0)

1 brief RSS
high advisory

ssrfcheck vulnerable to SSRF via IPv4-mapped IPv6 bypass

ssrfcheck version 1.3.0 and earlier is vulnerable to server-side request forgery (SSRF) attacks because it fails to block private IP addresses encoded as IPv4-mapped IPv6 addresses due to WHATWG URL parsing.

ssrfcheck ssrf vulnerability node.js
2r 1t