private_address_check contains Incomplete List of Disallowed Inputs
        
Severity: High
GitHub Reviewed
Published: Nov 30, 2017 to the GitHub Advisory Database
Reviewed: Jun 16, 2020
Last updated: Jan 20, 2023

Description
The private_address_check Ruby gem before 0.4.1 is vulnerable to a bypass due to an incomplete blacklist of common private/local network addresses used to prevent server-side request forgery.
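
A regression-style check for this class of bug, as an added example that is not the gem's code: it compares a constructed short deny list against a fuller one based on the IANA special-purpose address registries and reports which constructed sample addresses only the fuller list rejects. All names and both lists are assumptions for illustration; the advisory does not say which ranges the gem was missing.

```ruby
require "ipaddr"

# Constructed "short" list: RFC 1918 ranges plus IPv4 loopback.
# Illustrative only; it is not the list shipped in any gem version.
SHORT_LIST = %w[10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 127.0.0.0/8]
  .map { |cidr| IPAddr.new(cidr) }.freeze

# Fuller list (assumption): adds other non-public ranges from the IANA
# special-purpose registries, including the IPv6 equivalents.
FULL_LIST = (SHORT_LIST + %w[
  0.0.0.0/8 100.64.0.0/10 169.254.0.0/16 192.0.0.0/24 198.18.0.0/15
  224.0.0.0/4 240.0.0.0/4 ::/128 ::1/128 fc00::/7 fe80::/10 ff00::/8
].map { |cidr| IPAddr.new(cidr) }).freeze

# Parse an address and unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d) so the
# IPv4 entries in the list are applied to it.
def normalize(addr)
  ip = IPAddr.new(addr)
  ip.ipv4_mapped? ? ip.native : ip
end

# True when addr falls inside any range in list. Unparseable input is
# rejected (fail closed) instead of being treated as a public address.
def blocked?(addr, list)
  ip = normalize(addr)
  list.any? { |net| net.family == ip.family && net.include?(ip) }
rescue IPAddr::Error
  true
end

# Constructed sample inputs for the comparison.
SAMPLES = %w[
  10.1.2.3 169.254.10.10 100.64.0.1 ::1 ::ffff:127.0.0.1 fd00::1 8.8.8.8
].freeze

# Addresses the fuller list rejects but the short list lets through.
def gaps(samples = SAMPLES)
  samples.select { |a| blocked?(a, FULL_LIST) && !blocked?(a, SHORT_LIST) }
end

puts gaps.inspect if __FILE__ == $PROGRAM_NAME
```

Running the same comparison against the address check an application actually uses turns an incomplete list into a failing test.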