Server-Side Request Forgery (SSRF) Affecting govulncheck-vulndb package, versions <0.0.20250128T150132-150000.1.29.1
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsSnyk Learn
Learn about Server-Side Request Forgery (SSRF) vulnerabilities in an interactive lesson.
Start learning- Snyk IDSNYK-SLES156-GOVULNCHECKVULNDB-8679615
- published31 Jan 2025
- disclosed30 Jan 2025
Introduced: 30 Jan 2025
NewCVE-2025-24354 (opens in a new tab)How to fix?
Upgrade SLES:15.6 govulncheck-vulndb to version 0.0.20250128T150132-150000.1.29.1 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream govulncheck-vulndb package and not the govulncheck-vulndb package as distributed by SLES.
See How to fix? for SLES:15.6 relevant fixed versions and status.
imgproxy is server for resizing, processing, and converting images. Imgproxy does not block the 0.0.0.0 address, even with IMGPROXY_ALLOW_LOOPBACK_SOURCE_ADDRESSES set to false. This can expose services on the local host. This vulnerability is fixed in 3.27.2.