CVE-2022-25876

Summary

The package link-preview-js before 2.1.16 are vulnerable to Server-side Request Forgery (SSRF) which allows attackers to send arbitrary requests to the local network and read the response. This is due to flawed DNS rebinding protection.

Affected Software

VendorProductVersion RangeStatus
n/alink-preview-jsunspecified < 2.1.16affected

Weaknesses

  • Server-side Request Forgery (SSRF)

ADP Enrichment

CVE Program Container

Additional References

References