admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-07 05:28:59 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2025/CVE-2025-232xx/CVE-2025-23221.json
cad-safe-bot 0c245865ae Auto-Update: 2025-01-26T03:00:19.791548+00:00
2025-01-26 03:03:52 +00:00

76 lines
3.1 KiB
JSON
Raw Blame History

{
"id": "CVE-2025-23221",
"sourceIdentifier": "security-advisories@github.com",
"published": "2025-01-20T17:15:07.987",
"lastModified": "2025-01-20T17:15:07.987",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Fedify is a TypeScript library for building federated server apps powered by ActivityPub and other standards. This vulnerability allows a user to maneuver the Webfinger mechanism to perform a GET request to any internal resource on any Host, Port, URL combination regardless of present security mechanisms, and forcing the victim\u2019s server into an infinite loop causing Denial of Service. Moreover, this issue can also be maneuvered into performing a Blind SSRF attack. This vulnerability is fixed in 1.0.14, 1.1.11, 1.2.11, and 1.3.4."
},
{
"lang": "es",
"value": "Fedify es una librer\u00eda de TypeScript para crear aplicaciones de servidor federado basadas en ActivityPub y otros est\u00e1ndares. Esta vulnerabilidad permite a un usuario manipular el mecanismo Webfinger para realizar una solicitud GET a cualquier recurso interno en cualquier combinaci\u00f3n de host, puerto y URL, independientemente de los mecanismos de seguridad actuales, y obligar al servidor de la v\u00edctima a entrar en un bucle infinito que provoca una denegaci\u00f3n de servicio. Adem\u00e1s, este problema tambi\u00e9n se puede manipular para realizar un ataque SSRF ciego. Esta vulnerabilidad se ha corregido en 1.0.14, 1.1.11, 1.2.11 y 1.3.4."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:L",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.2,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-835"
},
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"references": [
{
"url": "https://github.com/dahlia/fedify/commit/8be3c2038eebf4ae12481683a1e809b314be3151",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/dahlia/fedify/commit/c505eb82fcd6b5b17174c6659c29721bc801ab9a",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/dahlia/fedify/commit/e921134dd5097586e4563ea80b9e8d1b5460a645",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/dahlia/fedify/security/advisories/GHSA-c59p-wq67-24wx",
"source": "security-advisories@github.com"
}
]
}
Reference in New Issue View Git Blame Copy Permalink