Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
| Source | ID | Title |
|---|---|---|
Github GHSA |
GHSA-jh67-hwqw-m5r7 | rok Python ProxyShare can be used as an SSRF proxy through absolute URL paths |
Fri, 17 Jul 2026 14:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Thu, 16 Jul 2026 19:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Openziti
Openziti zrok |
|
| Vendors & Products |
Openziti
Openziti zrok |
Thu, 16 Jul 2026 17:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | zrok is software for sharing web services, files, and network resources. Prior to 2.0.3, zrok's Python SDK ProxyShare Flask proxy route accepts an absolute URL in the request path and passes it to urllib.parse.urljoin, allowing the requested path to replace the configured target host and causing requests.request to return a server-side response from an attacker-chosen URL. This issue is fixed in version 2.0.3. | |
| Title | zrok Python ProxyShare can be used as an SSRF proxy through absolute URL paths | |
| Weaknesses | CWE-22 | |
| References |
| |
| Metrics |
cvssV4_0
|
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2026-07-17T14:02:59.013Z
Reserved: 2026-05-12T19:00:14.600Z
Link: CVE-2026-45568
Updated: 2026-07-17T14:02:45.423Z
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-17T03:45:04Z
Github GHSA