Server-side Request Forgery (SSRF) in github.com/pterodactyl/wings/router/downloader

Do your applications use this vulnerable package? Test your applications

Overview

github.com/pterodactyl/wings/router/downloader is a Wings is Pterodactyl's server control plane, built for the rapidly changing gaming industry and designed to be highly performant and secure.

Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF). It is possible for a malicious user to scan or access resources on the local network.

Remediation

Upgrade github.com/pterodactyl/wings/router/downloader to version 1.2.1 or higher.

References

GitHub Commit
GitHub Release

Attack Vector

Network
Attack Complexity

Low
Privileges Required

None
User Interaction

None
Scope

Unchanged
Confidentiality

High
Integrity

Low
Availability

Low

Credit: Unknown
CWE: CWE-918
Snyk ID: SNYK-GOLANG-GITHUBCOMPTERODACTYLWINGSROUTERDOWNLOADER-1056514
Disclosed: 07 Jan, 2021
Published: 07 Jan, 2021

Server-side Request Forgery (SSRF)
Affecting github.com/pterodactyl/wings/router/downloader package, versions <1.2.1

Overview

Remediation

References

CVSS Score

Server-side Request Forgery (SSRF) Affecting github.com/pterodactyl/wings/router/downloader package, versions <1.2.1

Overview

Remediation

References

Server-side Request Forgery (SSRF)
Affecting github.com/pterodactyl/wings/router/downloader package, versions <1.2.1