CVE-2019-12161 · Vexday

CVE-2019-12161

EPSS 1.1%

WPO WebPageTest 19.04 allows SSRF because ValidateURL in www/runtest.php does not consider octal encoding of IP addresses (such as 0300.0250 as a replacement for 192.168).

Affected products

n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1550366