i2p / i2p.i2p

I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties.
https://geti2p.net

Multiple SSRF server side request forgery CVE #59

Closed s-b-repo closed 11 months ago

s-b-repo commented 11 months ago

Unsanitized input from data from a remote resource flows into openConnection, where it is used as a URL to perform a request. This may result in a Server-Side Request Forgery vulnerability.

router/java/src/org/cybergarage/xml/Parser.java:97
router/java/src/org/cybergarage/xml/Parser.java:135
core/java/src/net/i2p/util/EepGet.java:310
router/java/src/org/cybergarage/xml/Parser.java:160

eyedeekay commented 11 months ago

Not sure how the tool even came up with this one but it does not appear to be a real bug. Re-open if you can explain differently.