CVE-2023-51074
Server-Side Request Forgery (SSRF) vulnerability in json-path (Maven)

Type: Server-Side Request Forgery (SSRF). Known public exploits: none.

What is CVE-2023-51074 About?

This vulnerability allows a malicious user to reach internal HTTP(S) servers through the affected application. In severe cases, particularly in cloud environments such as AWS, this could lead to remote code execution on the victim machine. Whether and how it can be exploited depends on the specific setup and on which internal services are reachable.

Affected Software

com.jayway.jsonpath:json-path >2.2.0, <2.9.0

Technical Details

The vulnerability is a Server-Side Request Forgery (SSRF) flaw. An attacker can craft input that causes the server to make arbitrary requests to internal network resources. By manipulating the input parameters of a web application, an attacker can specify a URL that the server will fetch on their behalf. Because the request originates from the server, it bypasses perimeter firewall rules and can reach services that are not exposed externally, such as internal HTTP(S) servers, cloud metadata services (e.g., the AWS EC2 metadata service at 169.254.169.254), or other sensitive endpoints. If an internal server exposes an interface for code execution or has other exploitable weaknesses, the SSRF can be escalated to remote code execution.
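The pattern described above, as an added illustration that is not code from the json-path project or from this advisory: a server-side fetch that takes a caller-supplied URL, beside a guarded version that rejects the destination before any connection is made. The application class name, the host allowlist and the sample URLs are hypothetical; the address checks use only the standard java.net API.

```java
import java.io.IOException;
import java.io.InputStream;
import java.net.HttpURLConnection;
import java.net.InetAddress;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.UnknownHostException;
import java.nio.charset.StandardCharsets;
import java.util.Set;

/** Hypothetical application code illustrating the SSRF pattern and a destination guard. */
public class SsrfGuard {

    // Hypothetical allowlist: the only external hosts this application should ever fetch from.
    private static final Set<String> ALLOWED_HOSTS = Set.of("api.example.com");

    /** Vulnerable pattern: caller input goes straight into a server-side fetch. */
    public static String fetchUnsafe(String userSuppliedUrl) throws IOException {
        HttpURLConnection conn =
                (HttpURLConnection) URI.create(userSuppliedUrl).toURL().openConnection();
        try (InputStream in = conn.getInputStream()) {
            return new String(in.readAllBytes(), StandardCharsets.UTF_8);
        }
    }

    /** Returns null when the destination is acceptable, otherwise the reason it was rejected. */
    public static String rejectReason(String userSuppliedUrl) {
        URI uri;
        try {
            uri = new URI(userSuppliedUrl);
        } catch (URISyntaxException e) {
            return "malformed URL";
        }
        String scheme = uri.getScheme();
        if (scheme == null
                || !(scheme.equalsIgnoreCase("http") || scheme.equalsIgnoreCase("https"))) {
            return "scheme not allowed";
        }
        String host = uri.getHost();
        if (host == null) {
            return "no host";
        }
        if (uri.getUserInfo() != null) {
            return "userinfo not allowed"; // http://allowed-host@internal-host/ style confusion
        }
        // Resolve the name and check every returned address: an allowed-looking name
        // may still point at loopback, RFC 1918, link-local (169.254.0.0/16) or IPv6 ULA space.
        InetAddress[] addrs;
        try {
            addrs = InetAddress.getAllByName(host);
        } catch (UnknownHostException e) {
            return "unresolvable host";
        }
        for (InetAddress a : addrs) {
            byte[] raw = a.getAddress();
            boolean ipv6Ula = raw.length == 16 && (raw[0] & 0xfe) == 0xfc;
            if (a.isLoopbackAddress() || a.isSiteLocalAddress() || a.isLinkLocalAddress()
                    || a.isAnyLocalAddress() || a.isMulticastAddress() || ipv6Ula) {
                return "resolves to internal address " + a.getHostAddress();
            }
        }
        if (!ALLOWED_HOSTS.contains(host.toLowerCase())) {
            return "host not on allowlist";
        }
        return null;
    }

    /** Guarded pattern: validate the destination, then fetch without following redirects. */
    public static String fetchGuarded(String userSuppliedUrl) throws IOException {
        String why = rejectReason(userSuppliedUrl);
        if (why != null) {
            throw new IOException("blocked outbound request: " + why);
        }
        HttpURLConnection conn =
                (HttpURLConnection) URI.create(userSuppliedUrl).toURL().openConnection();
        conn.setInstanceFollowRedirects(false); // a redirect would otherwise sidestep rejectReason
        conn.setConnectTimeout(3000);
        conn.setReadTimeout(3000);
        try (InputStream in = conn.getInputStream()) {
            return new String(in.readAllBytes(), StandardCharsets.UTF_8);
        }
    }

    public static void main(String[] args) {
        // Constructed sample inputs; the first is the metadata address named in the advisory.
        String[] samples = {
            "http://169.254.169.254/latest/meta-data/",
            "http://127.0.0.1:8080/admin",
            "http://10.0.0.5/internal",
            "ftp://api.example.com/file",
            "http://user@api.example.com/path",
        };
        for (String s : samples) {
            String why = rejectReason(s);
            System.out.println(s + " -> " + (why == null ? "allowed" : "rejected: " + why));
        }
    }
}
```

Two caveats apply to any guard of this shape: the address check happens at validation time, so a name whose DNS answer changes between the check and the connect (DNS rebinding) can still slip through unless the resolved address is pinned for the actual connection, and the guard must be applied again on every redirect target if redirects are re-enabled.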

What is the Impact of CVE-2023-51074?

Successful exploitation may allow attackers to perform port scanning, enumerate internal services, access sensitive data, or potentially achieve remote code execution on internal systems, bypassing network perimeter defenses.

What is the Exploitability of CVE-2023-51074?

Exploitation complexity varies with the specific application and target environment. An attacker must identify an input vector that the server uses to construct and issue outgoing requests. No authentication is strictly required for the initial SSRF vector, but access to a web interface that processes URL-like input is necessary. Privilege requirements are low, because the attacker acts with the server's own network privileges. This is typically a remote vulnerability. Special conditions that raise the impact include the presence of an internal web server with known vulnerabilities or a reachable cloud metadata service. The likelihood of exploitation increases where internal services are not properly segmented or where the destinations of server-side requests are not adequately validated.

What are the Known Public Exploits?

PoC | Author | Link | Commentary
No known exploits

What are the Available Fixes for CVE-2023-51074?

Available Upgrade Options

  • com.jayway.jsonpath:json-path
    • >2.2.0, <2.9.0 → Upgrade to 2.9.0

Struggling with dependency upgrades?

See how Resolved Security's drop-in replacements make it simple.


Additional Resources

What are Similar Vulnerabilities to CVE-2023-51074?

Similar Vulnerabilities: CVE-2021-26855, CVE-2020-5902, CVE-2019-10022, CVE-2019-16782, CVE-2017-7657