H1-2493548 — Vulnetix

H1-2493548 PUBLISHED CVSS 9.800000190734863 CRITICAL

Incorrect Type Conversion in interpreting IPv4-mapped IPv6 addresses and below `curl` results in indeterminate SSRF vulnerabilities.

Risk Scores

CVSS 3.1

9.800000190734863

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploit Intelligence

jithinodattu/CVE-2023-24329-lab (github-poc-repo)
Code used from @SeanPesce (github-poc-repo)
Code used from @SeanPesce (github-poc)
env of CVE-2024-22243&CVE-2024-22234 (github-poc)
Example exploitable scenarios for CVE-2024-22243 affecting the Spring framework (open redirect & SSRF). (github-poc)
jithinodattu/CVE-2023-24329-lab (github-poc)
Pandante-Central/CVE-2023-24329-codeql-test (github-poc)
H4R335HR/CVE-2023-24329-PoC (github-poc)
Incorrect Type Conversion in interpreting IPv4-mapped IPv6 addresses and below `curl` results in indeterminate SSRF vulnerabilities. (hackerone)
Incorrect Type Conversion in interpreting IPv4-mapped IPv6 addresses and below `curl` results in indeterminate SSRF vulnerabilities. (hackerone)

…and 9 more exploits

Timeline

May 8, 2024 CVE Published
May 8, 2024 PoC Published

References

Incorrect Type Conversion in interpreting IPv4-mapped IPv6 addresses and below `curl` results in indeterminate SSRF vulnerabilities. advisory

Open in Interactive Console →

$ Console Community · 100/wk Open console ›