CVE-2024-27927

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Mar 21, 2024
CWE ID 918

Summary

CVE-2024-27927 is a vulnerability found in RSSHub, an open-source RSS feed generator, prior to version 1.0.0-master.a429472. It allows remote attackers to use the server as a proxy to send HTTP GET requests to arbitrary targets and retrieve information within the internal network or conduct Denial-of-Service (DoS) attacks. The attacker can exploit this vulnerability by sending malicious requests to an RSSHub server, causing it to send HTTP GET requests to arbitrary destinations and obtain partial responses. This poses risks such as leaking the server's IP address, retrieving information about the internal network, and enabling denial-of-service amplification. To remediate this vulnerability, users should update their RSSHub installations to version 1.0.0-master.a429472 or newer.
