Description
If a hostname was blacklisted, it was possible to bypass the blacklist by requesting the FQDN of the host (e.g. adding .
to the end).
Impact
The main purpose of this library is to block requests to internal/private IPs and these cannot be bypassed using this finding. But if a library user had specifically set certain hostnames as blocked, then an attacker would be able to circumvent that block to cause SSRFs to request those hostnames.
Patches
Fixed by #6
Credit
https://github.com/Sim4n6
Description
If a hostname was blacklisted, it was possible to bypass the blacklist by requesting the FQDN of the host (e.g. adding
.
to the end).Impact
The main purpose of this library is to block requests to internal/private IPs and these cannot be bypassed using this finding. But if a library user had specifically set certain hostnames as blocked, then an attacker would be able to circumvent that block to cause SSRFs to request those hostnames.
Patches
Fixed by #6
Credit
https://github.com/Sim4n6