Server-side Request Forgery (SSRF) vulnerability in package link-preview-js before 2.1.16

Server-side Request Forgery (SSRF) vulnerability in package link-preview-js before 2.1.16

CVE-2022-25876 · MEDIUM Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

The package link-preview-js before 2.1.16 are vulnerable to Server-side Request Forgery (SSRF) which allows attackers to send arbitrary requests to the local network and read the response. This is due to flawed DNS rebinding protection.

Learn more about our Cis Benchmark Audit For Bind.