Vulnerability Report: GO-2023-1761
- CVE-2023-30019, GHSA-9x7h-ggc3-xg47
- Affects: github.com/imgproxy/imgproxy, github.com/imgproxy/imgproxy/v2, and 1 more
- Published: Aug 20, 2024
- Unreviewed
imgproxy is vulnerable to Server-Side Request Forgery in github.com/imgproxy/imgproxy
For detailed information about this vulnerability, visit https://github.com/advisories/GHSA-9x7h-ggc3-xg47 or https://nvd.nist.gov/vuln/detail/CVE-2023-30019.
Affected Modules
-
PathGo Versions
-
all versions, no known fixed
-
all versions, no known fixed
-
before v3.15.0
Aliases
References
- https://github.com/advisories/GHSA-9x7h-ggc3-xg47
- https://nvd.nist.gov/vuln/detail/CVE-2023-30019
- https://github.com/imgproxy/imgproxy/commit/1a9768a2c682e88820064aa3d9a05ea234ff3cc4
- https://breakandpray.com/cve-2023-30019-ssrf-in-imgproxy
- https://github.com/imgproxy/imgproxy/blob/ee9e8f0cb101ec22318caffd552a23cc0548d5ce/imagedata/download.go#L142
- https://vuln.go.dev/ID/GO-2023-1761.json
Feedback
This report is unreviewed. It was automatically generated from a third-party source and its details have not been verified by the Go team.
See anything missing or incorrect?
Suggest an edit to this report.