GHSA-5hr4-253g-cpx2: Server-Side Request Forgery in web3.py via CCIP Read
Vulnerability ID: GHSA-5HR4-253G-CPX2
CVSS Score: 4.0
Published: 2026-04-04
A Server-Side Request Forgery (SSRF) vulnerability exists in the web3.py library due to the default-enabled implementation of EIP-3668 (CCIP Read). The library performs unvalidated HTTP GET and POST requests to URLs supplied by untrusted smart contracts during OffchainLookup revert operations.
TL;DR
web3.py automatically resolves CCIP Read requests by default, failing to validate destination URLs returned by smart contracts. This allows malicious contracts to force the hosting server to make arbitrary HTTP requests to internal networks or cloud metadata services.
⚠️ Exploit Status: POC
Technical Details
- Vulnerability Type: Server-Side Request Forgery (SSRF)
- CWE ID: CWE-918
- CVSS v4.0 Score: 4.0 (Medium)
- Attack Vector: Network
- Exploitation Status: Proof of Concept Available
- Primary Impact: Internal network probing and potential cloud metadata exposure
Affected Systems
- web3 >= 6.0.0b3, < 7.15.0 (fixed in 7.15.0)
- web3 == 8.0.0b1 (fixed in 8.0.0b2)
Exploit Details
- GitHub Security Advisory: Proof of concept demonstrates blind SSRF capabilities against a local port via malicious transaction payloads.
Mitigation Strategies
- Upgrade web3.py to version 7.15.0 or 8.0.0b2.
- Globally disable CCIP Read by setting Web3.global_ccip_read_enabled = False.
- Implement strict egress network filtering to block access to RFC1918 internal IP ranges and link-local cloud metadata endpoints.
- Run the application in a hardened, isolated environment without access to sensitive internal services.
Remediation Steps:
- Identify all projects utilizing the web3 package.
- Update the package dependencies in requirements.txt or pyproject.toml to strictly require web3>=7.15.0.
- If upgrading is blocked by backwards compatibility, apply the workaround by setting 'Web3.global_ccip_read_enabled = False' in the application startup routine.
- Review network firewall rules and ensure the server running the web3 application cannot route traffic to 169.254.169.254 or internal administrative interfaces.
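The following is an added example for the remediation steps above; it is not code from the advisory or from web3.py. `is_affected` checks an installed version string against the two ranges the advisory states, `disable_ccip_read` applies the documented startup workaround (it assumes `web3` is importable and returns False otherwise), and `gateway_url_allowed` is a hypothetical standalone policy helper, not a web3.py API, that rejects the literal internal and link-local destinations the advisory tells you to block at the network layer. It only inspects IP literals, so a DNS name resolving to an internal address is not caught here; the egress filtering the advisory recommends is still required.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Version ranges as stated in the advisory: >=6.0.0b3,<7.15.0 and ==8.0.0b1
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:(a|b|rc)(\d+))?$")
_PRE_RANK = {"a": 0, "b": 1, "rc": 2}
_FINAL_RANK = 3  # a final release sorts after any pre-release of the same number


def parse_version(text):
    """Turn '7.15.0' or '6.0.0b3' into a sortable tuple."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unsupported version string: {text!r}")
    major, minor, patch, pre, num = m.groups()
    rank = _FINAL_RANK if pre is None else _PRE_RANK[pre]
    return (int(major), int(minor), int(patch), rank, int(num or 0))


def is_affected(version):
    """True if the given web3 version falls inside an affected range from the advisory."""
    v = parse_version(version)
    in_6_to_7 = parse_version("6.0.0b3") <= v < parse_version("7.15.0")
    return in_6_to_7 or v == parse_version("8.0.0b1")


def disable_ccip_read():
    """Apply the advisory's startup workaround.

    Returns True when the flag was set, False when web3 is not installed
    (the import is lazy so this module loads without web3 present).
    """
    try:
        from web3 import Web3
    except ImportError:
        return False
    Web3.global_ccip_read_enabled = False
    return True


def _is_internal_ip(ip):
    # Unwrap IPv4-mapped IPv6 (::ffff:127.0.0.1) so it is judged as the IPv4 address it names.
    mapped = getattr(ip, "ipv4_mapped", None)
    if mapped is not None:
        ip = mapped
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_multicast or ip.is_unspecified or ip.is_reserved)


def gateway_url_allowed(url):
    """Hypothetical policy check for a CCIP Read gateway URL before any request is made.

    Rejects non-HTTPS schemes, missing hosts, localhost names, and IP literals in
    private, loopback, link-local (which covers 169.254.169.254), multicast,
    unspecified or reserved ranges. A DNS name is allowed through unchanged:
    resolution-time checks and egress filtering must cover that case.
    """
    parts = urlsplit(url)
    if parts.scheme != "https":
        return False
    host = parts.hostname
    if not host or host == "localhost" or host.endswith(".localhost"):
        return False
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return True  # hostname, not an IP literal
    return not _is_internal_ip(ip)


if __name__ == "__main__":
    # Constructed sample inputs for a quick local run.
    for v in ("6.0.0b2", "6.0.0b3", "7.14.0", "7.15.0", "8.0.0b1", "8.0.0b2"):
        print(v, "affected" if is_affected(v) else "not affected")
    for u in ("https://gateway.example.com/{sender}/{data}.json",
              "https://169.254.169.254/latest/meta-data/",
              "http://gateway.example.com/x"):
        print(u, "allowed" if gateway_url_allowed(u) else "blocked")
```

Run `is_affected` against `importlib.metadata.version("web3")` in a CI check, and call `disable_ccip_read()` as early as possible in startup, before any `Web3` instance is created, so no `eth_call` can trigger an OffchainLookup resolution first.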