Server-Side Request Forgery (SSRF)

CVE-2021-41084

Medium

4.7/10

Summary

http4s is an open source scala interface for HTTP. In affected versions http4s is vulnerable to response-splitting or request-splitting attacks when untrusted user input is used to create any of the following fields: Header names (`Header.name`å), Header values (`Header.value`), Status reason phrases (`Status.reason`), URI paths (`Uri.Path`), URI authority registered names (`URI.RegName`) (through 0.21). This issue has been resolved in versions 0.21.30, 0.22.5, 0.23.4, and 1.0.0-M27 perform the following. As a matter of practice http4s services and client applications should sanitize any user input in the aforementioned fields before returning a request or response to the backend. The carriage return, newline, and null characters are the most threatening.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: LOW
Scope: CHANGED
User Interaction: REQUIRED
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: NONE

CWE-918 - Server-Side Request Forgery (SSRF)

Server-side request forgery (SSRF) is a weakness that allows an attacker to send an arbitrary request, making it appear that the request was sent by the server. This request may bypass a firewall that would normally prevent direct access to the URL. The impact of this vulnerability can vary from unauthorized access to files and sensitive information to remote code execution.

References

Advisory

Advisory Timeline

Published Sep 21, 2021

Server-Side Request Forgery (SSRF)

CVE-2021-41084

Summary

CWE-918 - Server-Side Request Forgery (SSRF)

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS