VDB
KO

PYSEC-2026-577

rok Python ProxyShare can be used as an SSRF proxy through absolute URL paths

Details

## Summary

Alice exposes a Python SDK `ProxyShare` with a fixed target URL. Bob sends a request to the share with an absolute URL in the path. The Flask handler passes that path to `urllib.parse.urljoin`, which replaces Alice's configured target host with Bob's host and returns the server-side response to Bob.

## Details The Python SDK proxy route accepts every path under the share:

```python @app.route('/', defaults={'path': ''}, methods=['GET', 'POST', 'PUT', 'DELETE', 'PATCH', 'OPTIONS']) @app.route('/<path:path>', methods=['GET', 'POST', 'PUT', 'DELETE', 'PATCH', 'OPTIONS']) def proxy(path): ```

It constructs the outbound URL with `urljoin` and then sends the request:

```python url = urllib.parse.urljoin(self.target, path) resp = requests.request( method=request.method, url=url, headers={key: value for (key, value) in request.headers if key.lower() not in HOP_BY_HOP_HEADERS}, data=request.get_data(), cookies=request.cookies, allow_redirects=False, stream=True, verify=self.verify_ssl ) ```

When `path` is `[http://127.0.0.1:19190/metadata`](http://127.0.0.1:19190/metadata%60), `urljoin(self.target, path)` returns `[http://127.0.0.1:19190/metadata`](http://127.0.0.1:19190/metadata%60). The proxy sends the request to Bob's chosen URL rather than Alice's target.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / zrok
Introduced in: 0.4.47

No fixed version published yet for zrok (pip). Pin to a known-safe version or switch to an alternative.

References