What is CVE-2023-27163?

CVE-2023-27163 is a vulnerability in N/a. Published 2023-03-31.

Is CVE-2023-27163 known to be exploited?

53 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2023-27163

request-baskets up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/baskets/{name}. This vulnerability allows attackers to access network resources and sensitive information via a crafted API…

EPSS: 0.933 (99.8th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

entr0pie/CVE-2023-27163
samh4cks/CVE-2023-27163-InternalProber
seanrdev/cve-2023-27163
MasterCode112/CVE-2023-27163
apaz-dev/CVE-2023-27163
thomas-osgood/CVE-2023-27163
rvizx/CVE-2023-27163
rvzsec/CVE-2023-27163
HusenjanDev/CVE-2023-27163-AND-Mailtrail-v0.53
theopaid/CVE-2023-27163-Request-Baskets-Local-Ports-Bruteforcer

References

notes.sjtu.edu.cn/s/MUUhEymt7
request-baskets.com
github.com/darklynx/request-baskets
gist.github.com/b33t1e/3079c10c88cad379fb166c389ce3b7b3
packetstormsecurity.com/files/174129/Maltrail-0.53-Remote-Code-Execution.html
packetstormsecurity.com/files/174128/Request-Baskets-1.2.1-Server-Side-Request-…

Frequently asked questions

What is CVE-2023-27163?: CVE-2023-27163 is a vulnerability in N/a. Published 2023-03-31.
Is CVE-2023-27163 known to be exploited?: 53 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.