CVE-2023-27163: 
vulnerability analysis and mitigation

Request-baskets up to version 1.2.1 contains a Server-Side Request Forgery (SSRF) vulnerability via the component /api/baskets/{name}. The vulnerability (CVE-2023-27163) allows attackers to access network resources and sensitive information through crafted API requests without requiring authentication (NVD, GitHub Advisory).

The vulnerability exists in two API endpoints: /api/baskets/{name} and /baskets/{name}, which are vulnerable to unauthenticated SSRF attacks via the forwardurl parameter. The CVSS v3.1 base score is 6.5 (Medium) with vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N. The exploit can be triggered by sending a POST request to the affected endpoints with a crafted JSON payload containing a malicious forwardurl parameter (SJTU Notes).

The vulnerability can lead to several security implications: 1) Information disclosure and data exfiltration from internal resources, 2) Unauthenticated access to internal network HTTP servers including internal RESTful APIs, NoSQL databases, and GraphQL databases, 3) Port and IP scanning capabilities for both internal and external services, enabling enumeration of machines in the local network with open HTTP ports (SJTU Notes).

Users should upgrade to a version newer than 1.2.1 to address this vulnerability. The issue has been fixed in subsequent releases of the request-baskets software (GitHub Repository).