Alerts
Events
DCR
Explore Cyware Products
Alerts
Events
DCR
Go to listing page
Netlify vulnerable to XSS, SSRF attacks via cache poisoning
Malware and Vulnerabilities
September 26, 2022
The Daily Swig
The security flaw, tracked as CVE-2022-39239, allowed an attacker to bypass the source image domain allowlist by sending specially crafted headers, causing the handler to load and return arbitrary images.
Read More
Netlify
cross-site scripting (XSS)
Cache Poisoning Attack
source image domain allowlist
SVG file
Publisher
Previous
Ukraine: SSU dismantled cyber gang that stole 30 millio ...
Incident Response, Learnings
Next
APT41 spear-phishing, supply chain campaigns target pha ...
Threat Intel & Info Sharing
/https://cyware-ent.s3.amazonaws.com/image_bank/0fcd_shutterstock_1331092814.jpg)
/https://cyware-ent.s3.amazonaws.com/image_bank/8312_shutterstock_1562768311.jpeg)
