Vulnerability Description
The package github.com/hoppscotch/proxyscotch before 1.0.0 is vulnerable to Server-side Request Forgery (SSRF) when interceptor mode is set to proxy. SSRF occurs when a backend server makes an HTTP request to an untrusted URL submitted by a user. It leads to leakage of sensitive information from the server.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Proxyscotch Project | Proxyscotch | < 1.0.0 |
Related Weaknesses (CWE)
References
- https://github.com/hoppscotch/proxyscotch/commit/de67380f62f907f201d75854b76024b (Patch, Third Party Advisory)
- https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMHOPPSCOTCHPROXYSCOTCH-2435228 (Exploit, Third Party Advisory)
FAQ
What is CVE-2022-25850?
CVE-2022-25850 is a vulnerability with a CVSS score of 7.5 (HIGH). The package github.com/hoppscotch/proxyscotch before 1.0.0 is vulnerable to Server-side Request Forgery (SSRF) when interceptor mode is set to proxy. It occurs when an HTTP request is made by a backe...
How severe is CVE-2022-25850?
CVE-2022-25850 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2022-25850?
Check the references section above for vendor advisories and patch information. Affected products include: Proxyscotch Project Proxyscotch.