8.8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2023-22493

GHSA ID

GHSA-64wp-jh9p-5cg2

EPSS Score

0.21359%

CWE

CWE-918

Published

1/11/2023

Updated

1/23/2023

KEV Status

Technology

JavaScript

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2023-22493

CVE-2023-22493: RSSHub SSRF vulnerability

Summary

RSSHub is vulnerable to Server-Side Request Forgery (SSRF) attacks. This vulnerability allows an attacker to send arbitrary HTTP requests from the server to other servers or resources on the network.

Description

An attacker can exploit this vulnerability by sending a request to the affected routes with a malicious URL. For example, if an attacker controls the ATTACKER.HOST domain, they can send a request to affected routes with the value set to ATTACKER.HOST%2F%23. The %2F and %23 characters are URL-encoded versions of the forward-slash (/) and pound (#) characters, respectively. In this context, an attacker could use those characters to append the base URL (i.e. https://${input}.defined.host) to be modified to https://ATTACKER.HOST/#.defined.host. This will cause the server to send a request to the attacker-controlled domain, allowing the attacker to potentially gain access to sensitive information or perform further attacks on the server.

Impact

An attacker could use this vulnerability to send requests to internal or any other servers or resources on the network, potentially gain access to sensitive information that would not normally be accessible and amplifying the impact of the attack.

Reference

Fixing PR: https://github.com/DIYgod/RSSHub/pull/11588

(GitHub Advisory)

8.8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2023-22493

GHSA ID

GHSA-64wp-jh9p-5cg2

EPSS Score

0.21359%

CWE

CWE-918

Published

1/11/2023

Updated

1/23/2023

KEV Status

Technology

JavaScript

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:L

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
rsshub	npm	< 1.0.0-master.a66cbcf	1.0.0-master.a66cbcf

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stemmed from route handlers accepting user-controlled parameters to construct backend URLs without proper domain validation. The commit adds 'isValidHost' checks across multiple route files, indicating these handlers previously lacked validation. Each listed function corresponds to a route that was modified to add security checks, with their absence previously enabling SSRF through crafted parameters. The high confidence comes from direct correlation between added validation in the fix and previously missing security controls.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

## Summ*ry RSS*u* is vuln*r**l* to S*rv*r-Si** R*qu*st *or**ry (SSR*) *tt**ks. T*is vuln*r**ility *llows *n *tt**k*r to s*n* *r*itr*ry *TTP r*qu*sts *rom t** s*rv*r to ot**r s*rv*rs or r*sour**s on t** n*twork. ## **s*ription *n *tt**k*r **n *xplo

Reasoning

T** vuln*r**ility st*mm** *rom rout* **n*l*rs ****ptin* us*r-*ontroll** p*r*m*t*rs to *onstru*t ***k*n* URLs wit*out prop*r *om*in v*li**tion. T** *ommit ***s 'isV*li**ost' ****ks **ross multipl* rout* *il*s, in*i**tin* t**s* **n*l*rs pr*viously l**k

8.8

Basic Information

Concerned about an active attack path?

CVE-2023-22493: RSSHub SSRF vulnerability

Summary

Description

Impact

Reference

8.8

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI