CVE-2025-1211

by Fred · 11/02/2025

Versions of the package hackney before 1.21.0 are vulnerable to Server-side Request Forgery (SSRF) due to improper parsing of URLs by URI built-in module and hackey. Given the URL http://127.0.0.1?@127.2.2.2/, the URI function will parse and see the host as 127.0.0.1 (which is correct), and hackney will refer the host as 127.2.2.2/. This vulnerability can be exploited when users rely on the URL function for host checking.

More information : https://gist.github.com/snoopysecurity/996de09ec0cfd0ebdcfdda8ff515deb1

CVE-2025-1211

Similar

Recent Posts

Categories

CVE-2025-1211

Share this:

Similar

Recent Posts

Categories

Tags