Description
If a hostname was blacklisted, it was possible to bypass the blacklist by requesting the FQDN form of the host (e.g. adding a trailing "." to the hostname).
Impact
The main purpose of this library is to block requests to internal/private IPs, and those checks cannot be bypassed using this finding. But if a library user had specifically configured certain hostnames as blocked, an attacker could circumvent that block and use SSRF to reach those hostnames.
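The following is an added example, not code from the library this advisory concerns (the advisory does not name the library's language, so Python is used here). It shows why a literal string comparison against a hostname blocklist misses the FQDN form, and a normalising check that treats "host." and "host" (in any letter case) as the same name. The function names and the sample blocklist are assumptions made for the illustration.

```python
from __future__ import annotations

# Added example (not the library's own code): a hostname blocklist check
# before and after normalising the trailing-dot (FQDN) spelling of a name.


def normalize_hostname(hostname: str) -> str:
    """Canonicalise a hostname for comparison.

    - trims surrounding whitespace
    - lower-cases it (DNS names are case-insensitive)
    - strips the trailing dot that marks an absolute / fully-qualified name,
      so that "example.com." and "example.com" compare equal
    """
    host = hostname.strip().lower()
    # A single trailing dot is the FQDN marker. rstrip also collapses
    # malformed inputs such as "example.com.." to the same canonical value.
    return host.rstrip(".")


def is_blocked_naive(hostname: str, blocklist: set[str]) -> bool:
    """Pre-fix behaviour: literal string comparison against the blocklist.

    "internal.example." is not equal to "internal.example", so the FQDN
    spelling slips through even though both resolve to the same host.
    """
    return hostname in blocklist


def is_blocked(hostname: str, blocklist: set[str]) -> bool:
    """Hardened check: normalise both the candidate and every blocklist entry."""
    normalized_blocklist = {normalize_hostname(entry) for entry in blocklist}
    return normalize_hostname(hostname) in normalized_blocklist


# Constructed sample: a user-configured blocklist with one hostname (hypothetical).
SAMPLE_BLOCKLIST = {"internal.example"}

if __name__ == "__main__":
    for candidate in ("internal.example", "internal.example.", "INTERNAL.example."):
        print(
            f"{candidate!r:22} naive={is_blocked_naive(candidate, SAMPLE_BLOCKLIST)!s:5} "
            f"hardened={is_blocked(candidate, SAMPLE_BLOCKLIST)}"
        )
```

Normalising the blocklist once at load time (rather than on every request, as the example does for brevity) keeps the comparison cheap, and the same normalised name should be the one handed to the resolver so the check and the connection agree on which host is meant. This only addresses the trailing-dot spelling described above; as the Impact section notes, the library's IP-based private-range checks were not affected by this finding.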
Patches
Fixed by #6
Credit
https://github.com/Sim4n6