Description

Versions of the package hackney before 1.21.0 are vulnerable to Server-side Request Forgery (SSRF) due to improper parsing of URLs by URI built-in module and hackey. Given the URL http://[email protected]/, the URI function will parse and see the host as 127.0.0.1 (which is correct), and hackney will refer the host as 127.2.2.2/. This vulnerability can be exploited when users rely on the URL function for host checking.

INFO

Published Date :

2025-02-11T05:00:00.994Z

Last Modified :

2025-03-16T12:48:56.614Z

Source :

snyk
AFFECTED PRODUCTS

The following products are affected by CVE-2025-1211 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-1211.

URL Resource
https://gist.github.com/snoopysecurity/996de09ec0cfd0ebdcfdda8ff515deb1 cve-icon cve-icon cve-icon
https://github.com/benoitc/hackney/commit/9594ce58fabd32cd897fc28fae937694515a3d4a cve-icon cve-icon
https://security.snyk.io/vuln/SNYK-HEX-HACKNEY-6516131 cve-icon cve-icon
https://www.blackhat.com/docs/us-17/thursday/us-17-Tsai-A-New-Era-Of-SSRF-Exploiting-URL-Parser-In-Trending-Programming-Languages.pdf cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact