CVE-2023-45966: GitHub - jet-pentest/CVE-2023-45966: Blind SSRF in umputun/remark42 <= 1.12.1

umputun remark42 version 1.12.1 and before has a Blind Server-Side Request Forgery (SSRF) vulnerability.


CVE-2023-45966: Blind SSRF in umputun/remark42 <= 1.12.1

[Suggested description]
An issue was found in umputun/remark42 <= 1.12.1. Malicious JSON in a POST request to /api/v1/comment?site=<SITE_ID> leads to Blind SSRF, due to a missing title field and insufficient filtering of the url field in the comment creation request.

[Additional Information]
Fixed in commit: efceed6

[VulnerabilityType Other]
CWE-918: Server Side Request Forgery

[Vendor of Product]
https://github.com/umputun

[Affected Product Code Base]
Affected version: umputun/remark42 <= 1.12.1

[Affected Component]
/api/v1/comment

[Attack Type]
Remote

[Impact Code execution] false
[Impact Denial of Service] false
[Impact Escalation of Privileges] false
[Impact Information Disclosure] true

[Attack Vectors]
An attacker able to send crafted JSON

[Discoverer]
Dmitry Kuramin (Jet Infosystems, jet.su)

[Reference] https://jet.su/vuln
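The weakness described above is insufficient filtering of a user-supplied url field that the server then fetches (the advisory implies the fetch happens when no title is given). As an added illustration of the defensive check, not remark42's code or the fix in efceed6, here is a Go validator for such a field; the Resolver type, the ValidateCommentURL name and the stubbed addresses are assumptions for this example.

```go
package main

import (
	"fmt"
	"net/netip"
	"net/url"
)

// Resolver is injected so the check runs offline; in production wrap net.DefaultResolver.LookupNetIP.
type Resolver func(host string) ([]netip.Addr, error)

// isForbiddenAddr flags loopback, private, link-local, multicast and unspecified space.
func isForbiddenAddr(a netip.Addr) bool {
	a = a.Unmap() // so ::ffff:127.0.0.1 is judged as 127.0.0.1
	return a.IsLoopback() || a.IsPrivate() || a.IsLinkLocalUnicast() ||
		a.IsLinkLocalMulticast() || a.IsMulticast() || a.IsUnspecified()
}

// ValidateCommentURL is the check to run on the url field before fetching anything
// from it: http(s) only, a host, no credentials, and only public addresses.
func ValidateCommentURL(raw string, resolve Resolver) error {
	u, err := url.Parse(raw)
	if err != nil {
		return fmt.Errorf("unparseable url: %w", err)
	}
	if u.Scheme != "http" && u.Scheme != "https" {
		return fmt.Errorf("scheme %q is not http or https", u.Scheme)
	}
	host := u.Hostname()
	if host == "" || u.User != nil {
		return fmt.Errorf("url must have a host and carry no credentials")
	}
	if a, err := netip.ParseAddr(host); err == nil { // IP literal: no DNS needed
		if isForbiddenAddr(a) {
			return fmt.Errorf("address %s is not allowed", a)
		}
		return nil
	}
	addrs, err := resolve(host) // every resolved address must be public
	if err != nil || len(addrs) == 0 {
		return fmt.Errorf("host %q does not resolve", host)
	}
	for _, a := range addrs {
		if isForbiddenAddr(a) {
			return fmt.Errorf("host %q resolves to forbidden address %s", host, a)
		}
	}
	return nil
}
```

The resolve-then-fetch sequence still leaves a window for the DNS answer to change between the check and the connection, so production code should also dial the vetted address directly, for example through a custom DialContext.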
