<p>Upgrade <code>github.com/hoppscotch/proxyscotch</code> to version 1.0.0 or higher.</p>

proxyscotch package, versions <1.0.0

Snyk CVSS

Attack Complexity Low

Confidentiality High

Threat Intelligence

Exploit Maturity Proof of concept

EPSS 0.15% (51^st percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-GOLANG-GITHUBCOMHOPPSCOTCHPROXYSCOTCH-2435228
published 31 Mar 2022
disclosed 29 Mar 2022
credit Yadhu Krishna M

Report a new vulnerability Found a mistake?

Introduced: 29 Mar 2022

CVE-2022-25850 Open this link in a new tab CWE-918 Open this link in a new tab First added by Snyk

How to fix?

Upgrade github.com/hoppscotch/proxyscotch to version 1.0.0 or higher.

Overview

Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) when interceptor mode is set to proxy. It occurs when an HTTP request is made by a backend server to an untrusted URL submitted by a user. It leads to a leakage of sensitive information from the server.

References

GitHub Commit