cve/CVE-2023-26431.md at dd6a10065df501f0a524d47b55e162f16811ba93

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-06 02:31:38 +00:00

0xMarcio 48a00929ac Removed duplicates

2024-06-18 02:51:15 +02:00

Description

IPv4-mapped IPv6 addresses did not get recognized as "local" by the code and a connection attempt is made. Attackers with access to user accounts could use this to bypass existing deny-list functionality and trigger requests to restricted network infrastructure to gain insight about topology and running services. We now respect possible IPV4-mapped IPv6 addresses when checking if contained in a deny-list. No publicly available exploits are known.

POC

Reference

http://packetstormsecurity.com/files/173083/OX-App-Suite-SSRF-Resource-Consumption-Command-Injection.html

Github

No PoCs found on GitHub currently.

1.0 KiB Raw Blame History

CVE-2023-26431

Description

POC

Reference

Github

1.0 KiB

Raw Blame History