Server-Side Request Forgery in FUXA

Description

A Server-Side Request Forgery (SSRF) attack in FUXA 1.1.3 can be carried out leading to the obtaining of sensitive information from the server’s internal environment and services, often potentially leading to the attacker executing commands on the server.

Recommendation

No fix is available yet. Followings are affected versions:

• <= 1.1.3

References

• GHSA-9vp3-7qwq-83r9
• www.youtube.com
• CVE-2021-45851
• CWE-918
• CAPEC-310
• OWASP 2021-A10
• OWASP 2021-A6

Related Issues

• Server side request forgery in @isomorphic-git/cors-proxy - CVE-2021-23664
• uppy's companion module is vulnerable to Server-Side Request Forgery (SSRF) - uppy - CVE-2022-0086
• Payload: Server-Side Request Forgery (SSRF) in External File URL Uploads - CVE-2026-27567
• Nu Html Checker (vnu) contains a Server-Side Request Forgery (SSRF) vulnerability - CVE-2025-15104

You might also like:

Exploiting Server Version Disclosure

How to Secure your NodeJs Express Javascript Application - part 2

10 Secure Coding Best Practices to Follow in Every Project

Tags:

npm

@frangoteam/fuxa