Exploit for Imgproxy <= 3.14.0 - Server-side request forgery (SSRF) (CVE-2023-30019)

Description:

imgproxy <=3.14.0 is vulnerable to Server-Side Request Forgery (SSRF) due to a lack of sanitization of the imageURL parameter.

Nuclei Template

View the template here: CVE-2023-30019.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2023/CVE-2023-30019.yaml

References:

https://nvd.nist.gov/vuln/detail/CVE-2023-30019
https://github.com/imgproxy/imgproxy
https://github.com/j4k0m/godkiller
https://breakandpray.com/cve-2023-30019-ssrf-in-imgproxy/