VYPR
High severity7.5NVD Advisory· Published Jul 26, 2024· Updated Jun 17, 2026

CVE-2024-41813

CVE-2024-41813

Description

txtdot is an HTTP proxy that parses only text, links, and pictures from pages, removing ads and heavy scripts. Starting in version 1.4.0 and prior to version 1.6.1, a Server-Side Request Forgery (SSRF) vulnerability in the /proxy route of txtdot allows remote attackers to use the server as a proxy to send HTTP GET requests to arbitrary targets and retrieve information in the internal network. Version 1.6.1 patches the issue.

Affected products

2
  • txtdot/txtdotllm-fuzzy2 versions
    1.4.0 <= 1.6.1+ 1 more
    • (no CPE)range: 1.4.0 <= 1.6.1
    • (no CPE)range: >= 1.4.0, < 1.6.1

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.