
GHSA-4ff6-858j-r822

GitHub Security Advisory

Gomatrixserverlib Server-Side Request Forgery (SSRF) on redirects and federation

✓ GitHub Reviewed MODERATE Has CVE

Advisory Details

### Impact
Gomatrixserverlib is vulnerable to server-side request forgery (SSRF): under certain conditions, including when following HTTP redirects and when making federation requests, a service built on the library can be induced to fetch content from a private network it can reach and serve that content back to the requester.

### Patches

Commit c4f1e01eab0dd435709ad15463ed38a079ad6128 fixes this issue.

### Workarounds
Use a local (host-level) firewall to limit the network segments and hosts that the service using gomatrixserverlib can reach, so that requests it is tricked into making cannot land on private or internal addresses.
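As an added illustration of the application-level counterpart to that firewall rule (this is example code written for this page, not gomatrixserverlib's own code nor the change in the fixing commit), the client below rejects connections to loopback, private, link-local and other non-routable addresses at dial time, after name resolution, so the check also covers every redirect hop and cannot be bypassed by a hostname that resolves to an internal IP. The helper names (`checkAddr`, `checkRedirect`, `newGuardedClient`), the extra blocked ranges and the loopback target in `main` are assumptions made for the example.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"net/http"
	"syscall"
	"time"
)

// Extra ranges not covered by the net.IP predicates used below (assumed list for
// this example): 100.64.0.0/10 is shared address space (CGNAT), 0.0.0.0/8 is
// "this network".
var extraBlocked = mustCIDRs("100.64.0.0/10", "0.0.0.0/8")

func mustCIDRs(cidrs ...string) []*net.IPNet {
	out := make([]*net.IPNet, 0, len(cidrs))
	for _, c := range cidrs {
		_, n, err := net.ParseCIDR(c)
		if err != nil {
			panic(err)
		}
		out = append(out, n)
	}
	return out
}

// isDisallowedIP reports whether ip is an address an outbound federation
// request must never reach: loopback, RFC 1918 / ULA private space, link-local
// (which includes cloud metadata endpoints such as 169.254.169.254),
// unspecified, multicast, or one of the extra ranges above. The net.IP
// predicates unwrap IPv4-mapped IPv6 addresses, so ::ffff:10.0.0.5 is caught.
func isDisallowedIP(ip net.IP) bool {
	if ip.IsLoopback() || ip.IsPrivate() || ip.IsLinkLocalUnicast() ||
		ip.IsLinkLocalMulticast() || ip.IsInterfaceLocalMulticast() ||
		ip.IsMulticast() || ip.IsUnspecified() {
		return true
	}
	for _, n := range extraBlocked {
		if n.Contains(ip) {
			return true
		}
	}
	return false
}

// checkAddr is a net.Dialer Control hook. It runs after name resolution and
// before connect(), so it sees the IP actually being dialed rather than the
// hostname the remote peer supplied, and it runs again for every redirect hop
// because each hop is a fresh dial.
func checkAddr(network, address string, _ syscall.RawConn) error {
	host, _, err := net.SplitHostPort(address)
	if err != nil {
		return fmt.Errorf("ssrf guard: %w", err)
	}
	ip := net.ParseIP(host)
	if ip == nil {
		return fmt.Errorf("ssrf guard: %q is not an IP address", host)
	}
	if isDisallowedIP(ip) {
		return fmt.Errorf("ssrf guard: refusing to connect to %s", ip)
	}
	return nil
}

var errTooManyRedirects = errors.New("ssrf guard: too many redirects")

// checkRedirect bounds the redirect chain and refuses a downgrade to plain
// HTTP; the address check itself happens in checkAddr on the next dial.
func checkRedirect(req *http.Request, via []*http.Request) error {
	if len(via) >= 5 {
		return errTooManyRedirects
	}
	if req.URL.Scheme != "https" {
		return fmt.Errorf("ssrf guard: redirect to non-https URL %s", req.URL)
	}
	return nil
}

// newGuardedClient returns an http.Client whose every connection, including
// those made while following redirects, passes through checkAddr. Proxy is
// nil on purpose: with a proxy, the proxy would be dialed instead of the
// target and the check would be bypassed.
func newGuardedClient() *http.Client {
	dialer := &net.Dialer{Timeout: 10 * time.Second, Control: checkAddr}
	return &http.Client{
		Transport: &http.Transport{
			Proxy:               nil,
			DialContext:         dialer.DialContext,
			TLSHandshakeTimeout: 10 * time.Second,
		},
		CheckRedirect: checkRedirect,
		Timeout:       30 * time.Second,
	}
}

func main() {
	client := newGuardedClient()
	// Constructed target: a loopback "homeserver" on the Matrix federation port.
	_, err := client.Get("https://127.0.0.1:8448/_matrix/federation/v1/version")
	fmt.Println("request result:", err)
}
```

The dial-time hook is what makes this robust against redirects: a 302 from a legitimate remote homeserver to an internal address is refused when the client dials the redirect target, not when it parses the URL. It is still a defence in depth alongside the firewall, not a replacement for it, since any code path that builds its own `http.Client` or transport would not inherit the hook.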

### References
N/A

Affected Packages

Go github.com/matrix-org/gomatrixserverlib
Affected versions: all versions before 0.0.0-20250116181547-c4f1e01eab0d (fixed in 0.0.0-20250116181547-c4f1e01eab0d)

Related CVEs

Key Information

GHSA ID
GHSA-4ff6-858j-r822
Published
January 16, 2025 11:08 PM
Last Modified
January 17, 2025 3:41 PM
CVSS Score
5.0 /10
Primary Ecosystem
Go
Primary Package
github.com/matrix-org/gomatrixserverlib
GitHub Reviewed
✓ Yes

Dataset

Last updated: September 12, 2025 6:34 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.