Medium severity6.5NVD Advisory· Published Nov 22, 2021· Updated Jun 17, 2026
CVE-2021-23718
CVE-2021-23718
Description
The package ssrf-agent before 1.0.5 are vulnerable to Server-side Request Forgery (SSRF) via the defaultIpChecker function. It fails to properly validate if the IP requested is private.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
ssrf-agentnpm | < 1.0.5 | 1.0.5 |
Affected products
2- ssrf-agent/ssrf-agentdescription
Patches
Vulnerability mechanics
References
7- snyk.io/vuln/SNYK-JS-SSRFAGENT-1584362nvdExploitThird Party AdvisoryWEB
- github.com/advisories/GHSA-6gww-qpm6-mc2gghsaADVISORY
- github.com/welefen/ssrf-agent/blob/cec2b85fe8886ad6926a247a3e059d8369ec022b/index.js%23L13nvdBroken LinkThird Party AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2021-23718ghsaADVISORY
- security.netapp.com/advisory/ntap-20211203-0005/nvdThird Party Advisory
- github.com/welefen/ssrf-agent/commit/9607175acd0647d821bae4e8fcc3b712aca3fd2dghsaWEB
- security.netapp.com/advisory/ntap-20211203-0005ghsaWEB
News mentions
0No linked articles in our index yet.