CVE-2024-41812

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Jul 26, 2024
Updated: Jul 29, 2024
CWE ID 918

Summary

CVE-2024-41812 is a Server-Side Request Forgery (SSRF) vulnerability affecting the txtdot HTTP proxy before version 1.7.0. This issue, located in the `/get` route, enables remote attackers to leverage the server as a proxy and send HTTP GET requests to targets of their choice within the internal network. While version 1.7.0 prevents the display of forged response data, the requests can still be executed. To mitigate the risk, it is strongly recommended to install a firewall between txtdot and internal network resources.
