Vulnerability	Vulnerable Version
M Server-side Request Forgery (SSRF) Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the `/sandbox/proxyGateway` endpoint. An attacker can manipulate arbitrary requests and retrieve corresponding responses by inputting any URL into the `requestUrl` parameter. This effectively grants the attacker the capability to dispatch complete HTTP requests to hosts of their choosing. Note: This is only exploitable if the HTTP method, cookies, IP address, and headers are under the attacker's control. How to fix Server-side Request Forgery (SSRF)? Upgrade `org.apache.shenyu:shenyu-common` to version 2.6.0 or higher.	[,2.6.0)

Server-side Request Forgery (SSRF)

Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the /sandbox/proxyGateway endpoint. An attacker can manipulate arbitrary requests and retrieve corresponding responses by inputting any URL into the requestUrl parameter. This effectively grants the attacker the capability to dispatch complete HTTP requests to hosts of their choosing.

Note:

This is only exploitable if the HTTP method, cookies, IP address, and headers are under the attacker's control.

How to fix Server-side Request Forgery (SSRF)?

Upgrade org.apache.shenyu:shenyu-common to version 2.6.0 or higher.

[,2.6.0)

Go back to all versions of this package