jet-pentest / CVE-2023-45966

Blind SSRF in umputun/remark42 <= 1.12.1

CVE-2023-45966

Blind SSRF in umputun/remark42 <= 1.12.1

[Suggested description] An issue was found in umputun/remark42 <= 1.12.1. Malicious JSON in a POST request to /api/v1/comment?site=<SITE_ID> leads to Blind SSRF due to a missing title field and insufficient filtering of the url field in the comment creation request.

[Additional Information] Fixed in commit: efceed6

[VulnerabilityType Other] CWE-918: Server Side Request Forgery

[Vendor of Product] https://github.com/umputun

[Affected Product Code Base] Affected version: umputun/remark42 <= 1.12.1

[Affected Component] /api/v1/comment

[Attack Type] Remote

[Impact Code execution] false

[Impact Denial of Service] false

[Impact Escalation of Privileges] false

[Impact Information Disclosure] true

[Attack Vectors] An attacker able to send crafted JSON

[Discoverer] Dmitry Kuramin (Jet Infosystems, jet.su)

[Reference] https://jet.su/vuln
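
One way to guard a server-side fetch of a user-supplied `url` field against the class of bug described above. This is an added example, not remark42's code and not the fix from commit efceed6; the names `allowedURL`, `denyInternal`, `newFetchClient` and the host allowlist are hypothetical. It goes beyond filtering the field by also checking the resolved address at connect time.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"net/url"
	"strings"
	"syscall"
	"time"
)

// allowedURL (hypothetical helper) accepts only http(s) URLs without userinfo
// whose host is on the operator's allowlist, before the server fetches them.
func allowedURL(raw string, allowedHosts []string) error {
	u, err := url.Parse(raw)
	if err != nil || (u.Scheme != "http" && u.Scheme != "https") || u.User != nil {
		return fmt.Errorf("url rejected: bad syntax, scheme or userinfo")
	}
	for _, h := range allowedHosts {
		if h != "" && strings.EqualFold(u.Hostname(), h) {
			return nil
		}
	}
	return fmt.Errorf("host %q not in allowlist", u.Hostname())
}

// denyInternal is a net.Dialer Control hook. It sees the resolved IP, so it
// also stops allowlisted names or redirects that lead to internal addresses.
func denyInternal(_, address string, _ syscall.RawConn) error {
	host, _, err := net.SplitHostPort(address)
	if err != nil {
		return err
	}
	ip := net.ParseIP(host)
	if ip == nil || ip.IsLoopback() || ip.IsPrivate() || ip.IsUnspecified() ||
		ip.IsLinkLocalUnicast() || ip.IsMulticast() {
		return fmt.Errorf("destination %s is not a public address", host)
	}
	return nil
}

// newFetchClient returns an http.Client whose every connection passes denyInternal.
func newFetchClient() *http.Client {
	d := &net.Dialer{Timeout: 5 * time.Second, Control: denyInternal}
	return &http.Client{Timeout: 10 * time.Second, Transport: &http.Transport{DialContext: d.DialContext}}
}

// main runs one constructed input through the field-level check.
func main() { fmt.Println(allowedURL("http://127.0.0.1:8080/", []string{"blog.example.com"})) }
```

The field-level check and the dial-time check cover different cases: the first rejects the request early, the second still applies when an accepted hostname resolves or redirects to an internal address.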
