DSSRF is a Node.js library that provides a wide range of utilities and advanced SSRF defense checks. Prior to 1.3.0, every IPv6 category bypasses is_url_safe. This vulnerability is fixed in 1.3.0.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Hackingrepo
  • Dssrf-js

No data.

No data.

References
Link Providers
https://www.spirityenterprise.com/virtual-ciso spirity
https://github.com/HackingRepo/dssrf-js/security/advisories/GHSA-8p33-q827-ghj5 cve-icon cve-icon
History

Wed, 13 May 2026 11:00:00 +0000

Type Values Removed Values Added
First Time appeared Hackingrepo
Hackingrepo dssrf-js
Vendors & Products Hackingrepo
Hackingrepo dssrf-js

Tue, 12 May 2026 21:00:00 +0000

Type Values Removed Values Added
Description DSSRF is a Node.js library that provides a wide range of utilities and advanced SSRF defense checks. Prior to 1.3.0, every IPv6 category bypasses is_url_safe. This vulnerability is fixed in 1.3.0.
Title dssrf: every IPv6 category bypasses is_url_safe
Weaknesses CWE-791
References
Metrics cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N'}
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-12T20:28:56.918Z

Reserved: 2026-05-05T15:42:40.518Z

Link: CVE-2026-44232

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-05-12T21:16:16.270

Modified: 2026-05-12T21:16:16.270

Link: CVE-2026-44232

cve-icon Redhat

No data.