Platform
nodejs
Component
txtdot
Fixed in
1.4.1
CVE-2024-41813 describes a Server-Side Request Forgery (SSRF) vulnerability discovered in txtdot, an HTTP proxy designed to strip ads and scripts from web pages. This flaw allows attackers to leverage the txtdot server as a proxy to send HTTP GET requests to arbitrary internal targets, potentially exposing sensitive information. The vulnerability affects versions 1.4.0 and later, up to, but not including, version 1.6.1. A patch is available in version 1.6.1.
The SSRF vulnerability in txtdot allows an attacker to bypass network security controls and access internal resources that are not directly accessible from the outside world. An attacker could, for example, scan internal ports, access internal APIs, or retrieve sensitive data from internal databases or file servers. The blast radius extends to any internal service accessible via HTTP GET requests. Successful exploitation could lead to data breaches, unauthorized access to internal systems, and potentially, further compromise of the network. The ability to proxy requests through txtdot effectively grants the attacker a foothold within the internal network.
CVE-2024-41813 was publicly disclosed on July 26, 2024. There is no indication of active exploitation campaigns at this time. No public proof-of-concept (PoC) code has been released. The vulnerability is not currently listed on the CISA KEV catalog. The CVSS score of 7.5 (HIGH) indicates a significant potential for exploitation if left unpatched.
Organizations running txtdot as a proxy server, particularly those with sensitive internal resources accessible via HTTP, are at risk. Shared hosting environments where txtdot is deployed alongside other applications are also vulnerable, as a compromise of one application could lead to exploitation of this SSRF vulnerability.
• nodejs / server:
ps aux | grep txtdot
journalctl -u txtdot -f
• generic web:
curl -I http://<txtdot_server>/proxy?url=http://internal-resource
# Check for 200 OK response or other unexpected behavior
Exploit status
EPSS
0.33% (percentile 56%)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2024-41813 is to upgrade to version 1.6.1 of txtdot. If upgrading immediately is not feasible, consider implementing temporary workarounds. Restrict network access to the txtdot server to only trusted sources using firewall rules or network segmentation. Implement input validation on the /proxy route to prevent attackers from specifying arbitrary target URLs. Monitor txtdot logs for suspicious outbound requests. Consider deploying a Web Application Firewall (WAF) with SSRF protection rules to filter malicious requests. After upgrading, confirm the fix by attempting to send a request to an internal resource through the /proxy route; the request should be blocked.
Update txtdot to version 1.6.1 or later. This version fixes the SSRF vulnerability in the `/proxy` route. To update, use the npm package manager: `npm install txtdot@latest`.
CVE-2024-41813 is a Server-Side Request Forgery (SSRF) vulnerability in txtdot versions 1.4.0 through 1.6.0, allowing attackers to proxy requests to internal resources.
You are affected if you are running txtdot versions 1.4.0 to 1.6.0. Upgrade to version 1.6.1 to mitigate the vulnerability.
Upgrade to version 1.6.1 of txtdot. As a temporary workaround, restrict network access and implement input validation.
There is currently no evidence of active exploitation, but the vulnerability's severity warrants immediate attention and patching.
Refer to the txtdot project's official advisory and release notes for details and updates: [https://github.com/txtdot/txtdot/releases/tag/v1.6.1](https://github.com/txtdot/txtdot/releases/tag/v1.6.1)