Security Advisory

CVE-2024-41813

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-07-26 16:51:33

Last updated 2024-08-12 20:55:12

Assigner GitHub_M

State PUBLISHED

Description

txtdot is an HTTP proxy that parses only text, links, and pictures from pages, removing ads and heavy scripts. Starting in version 1.4.0 and prior to version 1.6.1, a Server-Side Request Forgery (SSRF) vulnerability in the `/proxy` route of txtdot allows remote attackers to use the server as a proxy to send HTTP GET requests to arbitrary targets and retrieve information in the internal network. Version 1.6.1 patches the issue.

← Browse all CVEs View on cve.org ↗