CVE-2023-27163
published 2023-03-31


Severity: medium, CVSS 3.1 base score 6.5
CVSS vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Exploitation: exploited in the wild; listed in VulnCheck KEV (initial access)
EPSS: 7.50% (93.7th percentile)
request-baskets up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/baskets/{name}. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request.

Affected (2 ranges)

  Vendor       Product                     Version range   Fixed in
  github.com   darklynx_request-baskets    0 – 1.2.1       (not listed)
  rbaskets     request_baskets             <= 1.2.1        (not listed)

Detection & IOCs (extracted from sources)

url: /api/baskets/{name}
command (Nuclei template request):
  POST /api/baskets/{{bucketname}} HTTP/1.1
  Host: {{Hostname}}
  Content-Type: application/json

  { "forward_url": "http://{{interactsh-url}}", "proxy_response": true, "insecure_tls": false, "expand_path": true, "capacity": 250 }
other: shodan-query: http.html:"Request-Baskets"
other: fofa-query: body="Request-Baskets"
path: /web
rule (Nuclei template header):
  id: CVE-2023-27163
  info:
    name: Request-Baskets <= 1.2.1 - Server Side Request Forgery
    author: Jaenact
    severity: medium
    description: |
      Request-Baskets <= 1.2.1 allows unauthenticated SSRF via the forward_url parameter when creating a new basket.
    tags: cve,cve2023,ssrf,request-baskets,oast,proxy,vkev,vuln
  • Detect SSRF exploitation attempts by monitoring POST requests to /api/baskets/{name} containing a forward_url parameter pointing to internal/loopback addresses (e.g., 127.0.0.1, 169.254.x.x, 10.x.x.x).
  • Monitor for POST requests to /api/baskets/* with a JSON body containing "forward_url" set to internal RFC-1918 or loopback addresses, combined with "proxy_response": true.
  • Detect chained Maltrail command injection by monitoring POST requests to /login with a username parameter containing shell metacharacters (backtick or semicolon-prefixed commands).
  • Use Shodan/FOFA to identify exposed request-baskets instances by searching for the string 'Request-Baskets' in HTTP response bodies, then prioritize patching those on version <= 1.2.1.
  • Monitor for the presence of 'Request Baskets' in HTTP response bodies at the /web endpoint as an indicator of an exposed and potentially vulnerable instance.
  • The Nuclei template for CVE-2023-27163 uses a randomly generated bucket name (rand_base(7)) for each scan, so static basket name IOCs are not reliable for detection; focus on the forward_url parameter content instead.
  • The SSRF can be chained with other vulnerabilities on internal services (e.g., Maltrail unauthenticated OS command injection); detection must cover both the initial SSRF basket creation and subsequent forwarded requests to internal endpoints like /login.
  • The vulnerability is exploitable without authentication; any network-accessible request-baskets instance on version <= 1.2.1 is at risk regardless of authentication controls on other endpoints.
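The detection logic in the bullets above, written out as an added example (not code from this page or from the request-baskets project): it flags POST requests to /api/baskets/{name} whose JSON body carries a forward_url aimed at loopback, link-local or RFC-1918 space, and uses proxy_response to separate attempts that can read the internal reply from blind ones. It generalises slightly beyond the listed addresses (IPv6 loopback, the whole 169.254.0.0/16 range); the record field names and the sample requests are constructed assumptions.

```python
import ipaddress
import json
import re
from urllib.parse import urlparse

# Basket creation endpoint: POST /api/baskets/{name} with no sub-path.
BASKET_PATH = re.compile(r"^/api/baskets/[^/?#]+$")
# Constructed sample records (hypothetical log format that kept the raw JSON
# body); the basket names are random, as the Nuclei template's are.
SAMPLE_REQUESTS = [
    {"method": "POST", "path": "/api/baskets/xk3p9qa",
     "body": '{"forward_url": "http://127.0.0.1/login", "proxy_response": true}'},
    {"method": "POST", "path": "/api/baskets/hooktest",
     "body": '{"forward_url": "https://example.com/hook", "proxy_response": true}'},
    {"method": "POST", "path": "/api/baskets/r7m2ndq",
     "body": '{"forward_url": "http://10.0.0.5:8000/", "proxy_response": false}'},
    {"method": "GET", "path": "/web", "body": ""},
]

def is_internal_target(url: str) -> bool:
    """True when forward_url points at loopback, link-local or RFC-1918 space.
    Only literal IPs and 'localhost' count; names are not resolved (offline)."""
    host = urlparse(url).hostname
    if host is None:
        return False
    if host == "localhost":
        return True
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_link_local or ip.is_private

def classify(record: dict):
    """Verdict for one request record: 'ssrf-proxied', 'ssrf-blind' or None."""
    if record["method"] != "POST" or not BASKET_PATH.match(record["path"]):
        return None
    try:
        body = json.loads(record["body"])
    except json.JSONDecodeError:
        return None
    fwd = body.get("forward_url") if isinstance(body, dict) else None
    if not isinstance(fwd, str) or not is_internal_target(fwd):
        return None
    # proxy_response=true hands the internal service's reply back to the caller,
    # so the attempt can read data rather than only trigger a request.
    return "ssrf-proxied" if body.get("proxy_response") is True else "ssrf-blind"

def scan(records: list) -> list:
    return [(r["path"], v) for r in records if (v := classify(r)) is not None]
```

Hostnames that resolve to internal addresses and unusual IP spellings are not caught by this check, so it should sit beside the outbound-traffic monitoring the bullets also call for.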

CVSS provenance

  Source      Version   Score   Severity   Vector
  nvd         v3.1      6.5     MEDIUM     CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
  vulncheck             6.5     MEDIUM