FKIE_CVE-2025-23221

Vulnerability from fkie_nvd - Published: 2025-01-20 17:15 - Updated: 2025-01-20 17:15
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:L
Summary
Fedify is a TypeScript library for building federated server apps powered by ActivityPub and other standards. This vulnerability allows a user to maneuver the Webfinger mechanism to perform a GET request to any internal resource on any Host, Port, URL combination regardless of present security mechanisms, and forcing the victim’s server into an infinite loop causing Denial of Service. Moreover, this issue can also be maneuvered into performing a Blind SSRF attack. This vulnerability is fixed in 1.0.14, 1.1.11, 1.2.11, and 1.3.4.
References
security-advisories@github.comhttps://github.com/dahlia/fedify/commit/8be3c2038eebf4ae12481683a1e809b314be3151
security-advisories@github.comhttps://github.com/dahlia/fedify/commit/c505eb82fcd6b5b17174c6659c29721bc801ab9a
security-advisories@github.comhttps://github.com/dahlia/fedify/commit/e921134dd5097586e4563ea80b9e8d1b5460a645
security-advisories@github.comhttps://github.com/dahlia/fedify/security/advisories/GHSA-c59p-wq67-24wx
Impacted products
Vendor Product Version
To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Fedify is a TypeScript library for building federated server apps powered by ActivityPub and other standards. This vulnerability allows a user to maneuver the Webfinger mechanism to perform a GET request to any internal resource on any Host, Port, URL combination regardless of present security mechanisms, and forcing the victim\u2019s server into an infinite loop causing Denial of Service. Moreover, this issue can also be maneuvered into performing a Blind SSRF attack. This vulnerability is fixed in 1.0.14, 1.1.11, 1.2.11, and 1.3.4."
    },
    {
      "lang": "es",
      "value": "Fedify es una librer\u00eda de TypeScript para crear aplicaciones de servidor federado basadas en ActivityPub y otros est\u00e1ndares. Esta vulnerabilidad permite a un usuario manipular el mecanismo Webfinger para realizar una solicitud GET a cualquier recurso interno en cualquier combinaci\u00f3n de host, puerto y URL, independientemente de los mecanismos de seguridad actuales, y obligar al servidor de la v\u00edctima a entrar en un bucle infinito que provoca una denegaci\u00f3n de servicio. Adem\u00e1s, este problema tambi\u00e9n se puede manipular para realizar un ataque SSRF ciego. Esta vulnerabilidad se ha corregido en 1.0.14, 1.1.11, 1.2.11 y 1.3.4."
    }
  ],
  "id": "CVE-2025-23221",
  "lastModified": "2025-01-20T17:15:07.987",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 2.7,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-01-20T17:15:07.987",
  "references": [
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/dahlia/fedify/commit/8be3c2038eebf4ae12481683a1e809b314be3151"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/dahlia/fedify/commit/c505eb82fcd6b5b17174c6659c29721bc801ab9a"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/dahlia/fedify/commit/e921134dd5097586e4563ea80b9e8d1b5460a645"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/dahlia/fedify/security/advisories/GHSA-c59p-wq67-24wx"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-835"
        },
        {
          "lang": "en",
          "value": "CWE-918"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.