CVE-2022-25876
Published
CVSS v3
6.2
MEDIUM
CVSS v2
2.1
LOW
Affected
1
PROJECT
Description
The package link-preview-js before 2.1.16 are vulnerable to Server-side Request Forgery (SSRF) which allows attackers to send arbitrary requests to the local network and read the response. This is due to flawed DNS rebinding protection.
⛓ Extract web links information: title, description, images, videos, etc. [via OpenGraph], runs on mobiles and node.
GitHub