-
Axios 1.7.2 allows SSRF via unexpected behavior where requests for path-relative URLs get processed as protocol-relative URLs.
-
**Is your feature request related to a problem? Please describe.**
Blind SSRF is a very important vulnerability and it is currently not present in Owasp VulnerableApp. A good tutorial video on Blind …
-
SSRF (Server Side Request Forgery) vulnerability allows an attacker to change a parameter used on the Node.js application to create or control requests from the vulnerable server.
This introduces a…
-
### Preflight Checklist
- [X] I agree to follow the [Code of Conduct](https://github.com/HXSecurity/DongTai/blob/main/.github/CODE_OF_CONDUCT.md) that this project adheres to.
- [X] I have searched t…
-
Hey there!
First of all thanks for your work, great library :).
I'm using your library as a facade to LibreOffice to convert documents from one format to another (mostly any format -> pdf).
Anoth…
-
| | |
|------------------|-----------------|
|Previous ID | SR-8124 |
|Radar | https://bugs.swift.org/plugins/servlet/oauth/users/i…
-
I've encountered issues in CodeQL regarding data flow interruption. Here are the details:
## 1. Function Parameter Passing Interruption
In the code below:
```python
def read_sql(sql):
    spa…
```
-
I'm evaluating the openssrf.
My code is below.
```
public class Test extends HttpServlet {
    private static final long serialVersionUID = 1L;
    public void doGet(HttpServletRequest req, …
```
-
I suggest a slight reordering and restructuring, based upon initial feedback of our 2024 edition (as well as my experience teaching some of this):
**Our current (2024) OWASP Top 10 Proactive Contro…
-
Howdy, wonder if you've considered SSRF through redirects.
For example, if we whitelist 10.x.x.x. An outbound request may ask you to redirect to `Location: 10.x.x.x`, this middleware doesn't protec…