Platform: nodejs
Component: txtdot
Fixed in: 1.7.1
CVE-2024-41812 describes a Server-Side Request Forgery (SSRF) vulnerability found in txtdot, an HTTP proxy designed to strip ads and scripts from web pages. This vulnerability allows attackers to leverage the txtdot server as a proxy to send HTTP GET requests to internal network resources, potentially exposing sensitive information. The vulnerability affects versions of txtdot prior to 1.7.0; version 1.7.0 mitigates the display of responses but does not fully prevent the forwarding of requests.
The SSRF vulnerability in txtdot allows an attacker to bypass network segmentation and access internal resources that are not directly exposed to the internet. An attacker could use this to scan the internal network for open ports and services, potentially identifying other vulnerable systems. They could also retrieve sensitive data from internal web applications or APIs, such as configuration files, database credentials, or user data. The blast radius extends to any internal resource accessible via HTTP GET requests from the txtdot server. While version 1.7.0 prevents the display of the response, the underlying request forwarding functionality remains, meaning sensitive data can still be exfiltrated through other means.
This vulnerability was publicly disclosed on July 26, 2024. There is no indication of active exploitation at this time. The EPSS score is currently unavailable, but given the SSRF nature and public disclosure, it is likely to be assessed as medium probability. No public proof-of-concept (PoC) code has been released as of this writing.
Organizations running txtdot versions prior to 1.7.0, particularly those with sensitive internal resources accessible via HTTP, are at risk. Shared hosting environments where txtdot is deployed alongside other applications could also be vulnerable, as an attacker could potentially exploit the SSRF vulnerability to access resources belonging to other tenants.
• nodejs / server: ps aux | grep txtdot
• nodejs / server: journalctl -u txtdot --since "1 hour ago"
• generic web: curl -I http://<txtdot_server>/get?url=http://internal_resource
• generic web: Review access logs for unusual outbound requests originating from the txtdot server's IP address.
disclosure
Exploit status:
EPSS: 0.33% (56th percentile)
CISA SSVC:
CVSS vector:
The primary mitigation for CVE-2024-41812 is to upgrade txtdot to version 1.7.0 or later. This version prevents the display of responses from forged requests, reducing the immediate risk of data exposure. However, it does not completely eliminate the SSRF vulnerability. For complete mitigation, a firewall should be implemented between the txtdot server and other internal network resources, restricting outbound connections to only necessary destinations. Consider using a Web Application Firewall (WAF) to filter outbound requests and block suspicious traffic. After upgrading, confirm the fix by attempting to send a request to an internal resource via the /get route and verifying that the response is not displayed.
Update txtdot to version 1.7.0 or later. If an update is not possible, configure a firewall between txtdot and other internal network resources to reduce the SSRF risk. This prevents txtdot from reaching internal resources it has no business contacting.
CVE-2024-41812 is a Server-Side Request Forgery vulnerability in txtdot versions before 1.7.0, allowing attackers to use the server as a proxy to access internal resources.
You are affected if you are running txtdot versions prior to 1.7.0 and have not implemented compensating controls like a firewall.
Upgrade to txtdot version 1.7.0 or later and implement a firewall between the txtdot server and internal resources.
There is currently no indication of active exploitation, but the vulnerability is publicly known.
Refer to the txtdot project's repository or website for the official advisory and release notes.