Server-Side Request Forgery in FUXA

Severity:: High

Description

A Server-Side Request Forgery (SSRF) attack in FUXA 1.1.3 can be carried out leading to the obtaining of sensitive information from the server’s internal environment and services, often potentially leading to the attacker executing commands on the server.

Recommendation

No fix is available yet. Followings are affected versions:

<= 1.1.3

References

GHSA-9vp3-7qwq-83r9
www.youtube.com
CVE-2021-45851
CWE-918
CAPEC-310
OWASP 2021-A10
OWASP 2021-A6

Related Issues

Expo SDK has an OAuth vulnerability - CVE-2023-28131
tRPC 11 WebSocket DoS Vulnerability - CVE-2025-43855
@rpldy/uploader prototype pollution - CVE-2024-57082
Signature Malleabillity in elliptic - CVE-2020-13822

Tags:: npm; @frangoteam/fuxa

Anything's wrong? Let us know Last updated on January 27, 2023