Vulnerability Description
The private_address_check Ruby gem before 0.4.1 is vulnerable to a bypass because its blacklist of common private/local network addresses, used to prevent server-side request forgery (SSRF), is incomplete.
CVSS Score
9.8 (CRITICAL)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Private Address Check Project | Private Address Check | < 0.4.1 |
Related Weaknesses (CWE)
References
- https://github.com/jtdowney/private_address_check/pull/3 (Issue Tracking, Third Party Advisory)
- https://hackerone.com/reports/288950 (Issue Tracking, Patch, Third Party Advisory)
FAQ
What is CVE-2017-0909?
CVE-2017-0909 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The private_address_check Ruby gem before 0.4.1 is vulnerable to a bypass because its blacklist of common private/local network addresses, used to prevent server-side request forgery (SSRF), is incomplete.
How severe is CVE-2017-0909?
CVE-2017-0909 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2017-0909?
Check the references section above for vendor advisories and patch information. Affected product: Private Address Check (Private Address Check Project), versions before 0.4.1.