CVE-2023-30019
published 2023-05-08

CVE-2023-30019: imgproxy <=3.14.0 is vulnerable to Server-Side Request Forgery (SSRF) due to a lack of sanitization of the imageURL parameter.

Priority: P337 (medium)
CVSS 3.1 base score: 5.3 (medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EXPLOIT
EPSS: 2.21% (80.4th percentile)

Affected (2 ranges)

Vendor          Product                   Version range      Fixed in
evilmartians    imgproxy                  <= 3.14.0          (not listed)
github.com      imgproxy_imgproxy_v3      >= 0, < 3.15.0     3.15.0

Detection & IOCs (extracted from sources)

url:  {{BaseURL}}/111/rs:fit:400:400:0:0/plain/http://{{interactsh-url}}
path: /111/rs:fit:400:400:0:0/plain/http://
  • Send a GET request to the imgproxy path /111/rs:fit:400:400:0:0/plain/http://<oast-url>. An HTTP 422 response whose body contains the string 'Invalid source image' shows that imgproxy accepted the supplied URL and tried to fetch and decode it as an image; this is the in-band signal that the probe reached the fetch path, not proof on its own that the outbound request left the server.
  • Identify exposed imgproxy instances via Shodan using the banner 'Server: imgproxy' or 'server: imgproxy'.
  • The SSRF is triggered via the unsanitized imageURL parameter, which imgproxy reads from the plain/ path segment of the request.
  • The exploit path uses an OAST/interactsh callback URL to confirm out-of-band SSRF; a DNS/HTTP interaction callback is required to confirm exploitation in blind scenarios.
  • The vulnerability affects imgproxy versions up to and including 3.14.0 only; 3.15.0 is the fixed release.
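The following is an added example, not code from this page or from the imgproxy project, that turns the detection notes above into something runnable: it builds the probe URL from the page's template, fingerprints the Server banner, classifies the in-band 422 signal, and scans access-log lines for plain/ source URLs whose host is outside the expected image origins. It assumes Python 3, the path template exactly as quoted on the page, and constructed nginx-style log lines; the function names, the oast.example callback host, the 10.0.0.x addresses and the allowed-hosts set are illustrative.

```python
import re
from typing import Dict, Iterable, List, Set, Tuple
from urllib.parse import urlsplit

# Path template quoted on the page: "111" stands in for the signature segment
# (unsigned URLs), rs:fit:400:400:0:0 is the processing option, and the
# plain/ segment carries the source URL verbatim.
PROBE_PATH = "/111/rs:fit:400:400:0:0/plain/"


def build_probe_url(base_url: str, callback_url: str) -> str:
    """Build the probe URL for one target; callback_url is your OAST endpoint."""
    return base_url.rstrip("/") + PROBE_PATH + callback_url


def is_imgproxy_banner(headers: Dict[str, str]) -> bool:
    """Fingerprint from the page: a Server header starting with 'imgproxy'."""
    for name, value in headers.items():
        if name.lower() == "server" and value.strip().lower().startswith("imgproxy"):
            return True
    return False


def probe_processed(status: int, body: str) -> bool:
    """Weak, in-band signal from the page: HTTP 422 plus 'Invalid source image'
    means imgproxy tried to fetch the supplied URL and could not decode the
    reply as an image. It shows the URL reached the fetch path; only an OAST
    callback proves the outbound request actually left the server."""
    return status == 422 and "Invalid source image" in body


# Detection side: pull the plain/ source URL out of an access-log request line.
# The match stops at the first space or quote, so the trailing ' HTTP/1.1"' of
# a combined-format line is excluded. Expects the scheme unescaped, as in the
# page's template; percent-encoded variants must be decoded before matching.
PLAIN_SOURCE_RE = re.compile(r"/plain/(https?://[^\s\"]+)")


def suspicious_plain_sources(
    log_lines: Iterable[str], allowed_hosts: Set[str]
) -> List[Tuple[str, str]]:
    """Return (source_url, host) for every plain/ request whose host is not
    in allowed_hosts. Hosts are compared case-insensitively; a source whose
    host cannot be parsed is reported as well (empty host string)."""
    hits: List[Tuple[str, str]] = []
    for line in log_lines:
        match = PLAIN_SOURCE_RE.search(line)
        if not match:
            continue
        source = match.group(1)
        host = (urlsplit(source).hostname or "").lower()
        if host not in allowed_hosts:
            hits.append((source, host))
    return hits


# Constructed sample log lines (nginx combined format), not real traffic.
SAMPLE_LOG = [
    '10.0.0.5 - - [08/May/2023:10:00:00 +0000] "GET /111/rs:fit:400:400:0:0/plain/http://cdn.example.com/a.jpg HTTP/1.1" 200 18342',
    '10.0.0.9 - - [08/May/2023:10:00:01 +0000] "GET /111/rs:fit:400:400:0:0/plain/http://abc123.oast.example HTTP/1.1" 422 22',
    '10.0.0.9 - - [08/May/2023:10:00:02 +0000] "GET /111/rs:fit:400:400:0:0/plain/http://10.0.0.1:8080/ HTTP/1.1" 422 22',
    '10.0.0.7 - - [08/May/2023:10:00:03 +0000] "GET /health HTTP/1.1" 200 2',
]
# Illustrative allowlist: the only origin this deployment is expected to fetch from.
ALLOWED_HOSTS = {"cdn.example.com"}

if __name__ == "__main__":
    print(build_probe_url("https://img.example.com", "http://abc123.oast.example"))
    for source, host in suspicious_plain_sources(SAMPLE_LOG, ALLOWED_HOSTS):
        print("suspicious plain/ source:", source, "host:", host)
```

The 422 check is only the weak signal; pair it with the OAST callback as the bullets above say. On the defensive side, imgproxy's documented IMGPROXY_ALLOWED_SOURCES setting restricts which source URL prefixes the server will fetch, so an instance with that set should never show plain/ requests to hosts outside your allowlist, and any that do are worth a look regardless of version.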