Oscar Franco

1 exploit Active since May 2026
CVE-2026-43897 WRITEUP HIGH WRITEUP
Link Preview JS: vunerable to IPv6 and internal loopback attacks
Link Preview JS extracts web links information. Prior to 4.0.1, the library did not check for IPv6 loopback attacks. There was also a DNS attack, where an address could be resolved into an internal IP. This could cause internal data leaks. This vulnerability is fixed in 4.0.1.