CVE-2023-22493

CVSS V2 None CVSS V3 None
Description
RSSHub is an open source RSS feed generator. RSSHub is vulnerable to Server-Side Request Forgery (SSRF) attacks. This vulnerability allows an attacker to send arbitrary HTTP requests from the server to other servers or resources on the network. An attacker can exploit this vulnerability by sending a request to the affected routes with a malicious URL. An attacker could also use this vulnerability to send requests to internal or any other servers or resources on the network, potentially gain access to sensitive information that would not normally be accessible and amplifying the impact of the attack. The patch for this issue can be found in commit a66cbcf.
Overview
  • CVE ID
  • CVE-2023-22493
  • Assigner
  • security-advisories@github.com
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2023-01-13T15:15:09
  • Last Modified Date
  • 2023-03-07T22:35:43
Weakness Enumerations
CWE URL
CWE-918 http://cwe.mitre.org/data/definitions/918.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:rsshub_project:rsshub:*:*:*:*:*:node.js:*:* 1 OR 2023-01-10
References
Reference URL Reference Tags
https://github.com/DIYgod/RSSHub/commit/a66cbcf6eebc700bf97ab097f404f16ab415506a
https://github.com/DIYgod/RSSHub/pull/11588
https://github.com/DIYgod/RSSHub/security/advisories/GHSA-64wp-jh9p-5cg2
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2023-22493
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22493
History
Created Old Value New Value Data Type Notes
2023-01-13 16:17:48 Added to TrackCVE
2023-01-13 16:17:49 Weakness Enumeration new
2023-01-19 20:14:11 Awaiting Analysis Undergoing Analysis Vulnerability Status updated
2023-01-23 19:14:02 2023-01-23T18:48:32 CVE Modified Date updated
2023-01-23 19:14:02 Undergoing Analysis Analyzed Vulnerability Status updated
2023-01-23 19:14:05 CPE Information updated
2023-03-06 21:15:41 Analyzed Undergoing Analysis Vulnerability Status updated
2023-03-07 23:16:39 2023-03-07T22:35:43 CVE Modified Date updated
2023-03-07 23:16:39 Undergoing Analysis Analyzed Vulnerability Status updated