VYPR
Moderate severityNVD Advisory· Published Jul 1, 2022· Updated Sep 17, 2024

Server-side Request Forgery (SSRF)

CVE-2022-25876

Description

The package link-preview-js before 2.1.16 are vulnerable to Server-side Request Forgery (SSRF) which allows attackers to send arbitrary requests to the local network and read the response. This is due to flawed DNS rebinding protection.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
link-preview-jsnpm
< 2.1.172.1.17

Affected products

2

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.