The vulnerability exists in the ProxyHandler function in server/handlers/proxy.go. Analysis of the patch commit 3b9b470c093b3d20b7d751722c1c24f3eed2e19d shows that the original implementation read a URL directly from the query string and issued an HTTP request to it. The absence of any validation of that URL is the root cause of the Server-Side Request Forgery (SSRF): an attacker could supply a URL pointing at an internal service (for example http://127.0.0.1:8025/api/v1/info, as in the PoC) and the server would perform the request on the attacker's behalf.

The patch changes this behaviour completely. Instead of accepting an arbitrary URL, the handler now requires a base64-encoded string containing a message ID and a URL, and it verifies, using the new getAssets function, that the requested URL is a legitimate asset (such as an image or CSS file) linked from that specific email message. The server therefore only makes requests to URLs that were already present in content it had processed, which mitigates the SSRF risk. When reviewing a fix of this shape, check that the comparison against the asset list is an exact match on the full URL rather than a prefix or host-only check, and keep in mind that the allow-list is derived from message content rather than from a block-list of internal addresses, so the remaining exposure is whatever a stored message can link to. The vulnerable function is therefore handlers.ProxyHandler as it existed before this patch.
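The following Go program is an added example, not Mailpit's code and not the patch itself: it places a handler with the pre-patch behaviour (fetch whatever ?url= names) beside a hardened handler that decodes a message-ID/URL token and fetches only a URL that is an exact member of that message's asset list. The token layout (URL-safe base64 of "id:url"), the messageAssets map standing in for the project's getAssets, and the fetch stub are assumptions made for the example; the message ID in this layout must not contain a colon. The outbound request is a swappable function so the demo runs offline and records what each handler would have fetched.

```go
package main

import (
	"encoding/base64"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

// fetch performs the proxy's outbound request. It is a variable so the demo
// can swap in a recorder and never touch the network.
var fetch = func(target string) (string, error) {
	resp, err := http.Get(target)
	if err != nil {
		return "", err
	}
	resp.Body.Close()
	return resp.Status, nil
}

// messageAssets is a constructed stand-in for the patch's getAssets: the image
// and CSS URLs linked from each stored message (the real project derives these
// from the message body).
var messageAssets = map[string][]string{
	"msg-1": {"https://cdn.example.com/logo.png", "https://cdn.example.com/style.css"},
}

// respond fetches target and writes the upstream status to the client.
func respond(w http.ResponseWriter, target string) {
	status, err := fetch(target)
	if err != nil {
		http.Error(w, err.Error(), http.StatusBadGateway)
		return
	}
	fmt.Fprint(w, status)
}

// vulnerableProxyHandler mirrors the pre-patch behaviour: whatever ?url= names
// is fetched, loopback and other internal addresses included.
func vulnerableProxyHandler(w http.ResponseWriter, r *http.Request) {
	respond(w, r.URL.Query().Get("url"))
}

// makeToken builds the assumed token layout: URL-safe base64 of "<id>:<url>".
// This layout is an assumption of the example, not the project's real format.
func makeToken(id, target string) string {
	return base64.RawURLEncoding.EncodeToString([]byte(id + ":" + target))
}

// resolveProxyTarget decodes a token and returns the URL only when it is,
// byte for byte, one of the assets linked from the named message.
func resolveProxyTarget(token string) (string, error) {
	raw, err := base64.RawURLEncoding.DecodeString(token)
	if err != nil {
		return "", errors.New("token is not valid base64")
	}
	id, target, ok := strings.Cut(string(raw), ":")
	if !ok || id == "" || target == "" {
		return "", errors.New("token must contain a message id and a url")
	}
	assets, found := messageAssets[id]
	if !found {
		return "", errors.New("unknown message")
	}
	for _, a := range assets {
		if a == target { // exact match; no prefix, host-only or parsed comparison
			return target, nil
		}
	}
	return "", errors.New("url is not an asset of this message")
}

// hardenedProxyHandler fetches only what resolveProxyTarget accepts.
func hardenedProxyHandler(w http.ResponseWriter, r *http.Request) {
	target, err := resolveProxyTarget(r.URL.Query().Get("token"))
	if err != nil {
		http.Error(w, err.Error(), http.StatusBadRequest)
		return
	}
	respond(w, target)
}

// proxyRequest drives a handler with a recording fetch stub and reports the
// response code and the URL the handler tried to fetch ("" when it refused).
func proxyRequest(h http.HandlerFunc, query string) (int, string) {
	requested := ""
	saved := fetch
	fetch = func(t string) (string, error) { requested = t; return "200 OK", nil }
	defer func() { fetch = saved }()
	rec := httptest.NewRecorder()
	h(rec, httptest.NewRequest(http.MethodGet, "/proxy?"+query, nil))
	return rec.Code, requested
}

func main() {
	internal := "http://127.0.0.1:8025/api/v1/info"
	code, got := proxyRequest(vulnerableProxyHandler, "url="+url.QueryEscape(internal))
	fmt.Printf("vulnerable:              %d, fetched %q\n", code, got)
	code, got = proxyRequest(hardenedProxyHandler, "token="+makeToken("msg-1", internal))
	fmt.Printf("hardened (internal url): %d, fetched %q\n", code, got)
	code, got = proxyRequest(hardenedProxyHandler, "token="+makeToken("msg-1", "https://cdn.example.com/logo.png"))
	fmt.Printf("hardened (linked asset): %d, fetched %q\n", code, got)
}
```

Running it shows the vulnerable handler fetching the loopback API URL with a 200, while the hardened handler answers 400 for the same URL without issuing any request and only fetches the asset that the message actually links. The exact-string comparison is deliberate: matching on host or prefix would let an attacker reuse a legitimate asset's origin to reach other paths.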
Vulnerable function: handlers.ProxyHandler (server/handlers/proxy.go)
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| github.com/axllent/mailpit | go | <= 1.28.0 | 1.28.1 |