CVE-2024-41813

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Jul 26, 2024
Updated: Jul 29, 2024
CWE ID 918

Summary

CVE-2024-41813 is a Server-Side Request Forgery (SSRF) vulnerability affecting txtdot, an HTTP proxy that parses text, links, and pictures from web pages while removing ads and heavy scripts. The flaw, present in versions 1.4.0 through 1.6.0, enables remote attackers to exploit the `/proxy` route to use the server as a proxy and send HTTP GET requests to arbitrary internal targets, potentially leading to information disclosure. The vulnerability is mitigated by the release of version 1.6.1.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share