High severity7.5NVD Advisory· Published Jan 30, 2023· Updated Jun 17, 2026
CVE-2023-24623
CVE-2023-24623
Description
Paranoidhttp before 0.3.0 allows SSRF because [::] is equivalent to the 127.0.0.1 address, but does not match the filter for private addresses.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/hakobe/paranoidhttpGo | < 0.3.0 | 0.3.0 |
Affected products
2- Paranoidhttp/Paranoidhttpdescription
Patches
Vulnerability mechanics
References
6- github.com/hakobe/paranoidhttp/commit/07f671da14ce63a80f4e52432b32e8d178d75fd3nvdPatchThird Party AdvisoryWEB
- github.com/hakobe/paranoidhttp/compare/v0.2.0...v0.3.0nvdPatchThird Party AdvisoryWEB
- github.com/advisories/GHSA-v9mp-j8g7-2q6mghsaADVISORY
- github.com/hakobe/paranoidhttp/blob/master/CHANGELOG.mdnvdRelease NotesThird Party AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2023-24623ghsaADVISORY
- pkg.go.dev/vuln/GO-2023-1526ghsaWEB
News mentions
0No linked articles in our index yet.