CVE-2021-27329
📋 TL;DR
CVE-2021-27329 is a Server-Side Request Forgery (SSRF) vulnerability in Friendica's parse_url module, the endpoint that fetches a remote URL to build a link preview for a post. In Friendica 2021.01 the module fetches whatever URL it is handed (via the url or the hex-encoded binurl parameter), so an attacker can make the server perform DNS lookups or HTTP requests to arbitrary hosts, including ones only reachable from the server itself. An attacker can use this to map internal infrastructure, reach services that are not exposed to the Internet, or pivot to other attacks against them.
💻 Affected Systems
- Friendica 2021.01
📦 What is this software?
Friendica is a free, self-hosted, decentralised social networking server written in PHP, developed by the Friendica project. It federates with other platforms, and its parse_url module is used to fetch and summarise links that users paste into posts.
⚠️ Risk & Real-World Impact
Worst Case
Full internal network compromise through chained attacks, data exfiltration, or lateral movement to critical systems via exposed internal services.
Likely Case
Internal network reconnaissance, access to metadata services (like AWS/Azure instance metadata), or exploitation of other vulnerable internal applications.
If Mitigated
Limited to external resource scanning if proper network segmentation and egress filtering are implemented.
🎯 Exploit Status
Exploitation needs nothing more than a single crafted GET request to the parse_url endpoint naming the target host; no special tooling is required, and the hex-encoded binurl form lets the target be hidden from a casual log review.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2021.03 or later
Vendor Advisory: https://github.com/friendica/friendica/security/advisories/GHSA-xxxx-xxxx-xxxx
Restart Required: No
Instructions:
1. Back up your Friendica installation and database.
2. Update Friendica to version 2021.03 or later via git pull or your package manager.
3. Verify that the update completed successfully (the reported version should be 2021.03 or later).
4. Clear any caches if applicable.
🔧 Temporary Workarounds
Disable parse_url functionality
Temporarily disable the parse_url endpoint in the Friendica configuration. This breaks link previews in posts until the patch is applied.
Edit config/local.config.php, which uses the array-return format, and set: 'system' => ['disable_parse_url' => true]
Friendica does not document a setting by this name, so confirm on a test instance that the endpoint is actually disabled before relying on it; if it is not, block the path at the web server instead.
Web Application Firewall rule
Block requests to the vulnerable endpoint, regardless of which parameter carries the target.
Add a WAF rule that denies any request whose path is /parse_url. A substring match on 'parse_url?binurl=' is not enough: the module also accepts ?url=, and parameters can be reordered (for example parse_url?x=1&binurl=...).
🧯 If You Can't Patch
- Implement strict network egress filtering for the Friendica server: deny outbound connections to RFC 1918 ranges, loopback, link-local addresses and the cloud metadata address 169.254.169.254, and allow only the destinations federation genuinely needs.
- Deploy a reverse proxy that inspects /parse_url requests, decodes the binurl parameter, and rejects any target that is not a public http(s) URL. Resolve hostnames and check every returned address, since the target can be a DNS name rather than an IP literal.
🔍 How to Verify
Check if Vulnerable:
You are vulnerable if the installed Friendica version is 2021.01. Check it in the version files or in the admin panel.
Check Version:
Run grep -r 'FRIENDICA_VERSION' boot.php in the installation directory (or read the VERSION file in the same directory), or check Admin Panel → Site Info.
Verify Fix Applied:
Confirm the version is 2021.03 or later, then test from a test account that a parse_url request (with either url= or binurl=) pointing at a host you control no longer causes the server to connect to it.
📡 Detection & Monitoring
Log Indicators:
- HTTP requests to /parse_url whose url parameter, or whose hex-decoded binurl parameter, names an internal IP, loopback, link-local or metadata address. Note that with binurl the destination is hex-encoded, so a plain grep for an IP address in the access log will miss it; decode the parameter before matching.
- Unusual outbound connections from the Friendica server to unexpected destinations, especially shortly after a /parse_url request.
Network Indicators:
- Outbound HTTP requests from Friendica server to internal network segments or metadata services
SIEM Query:
source="friendica_logs" AND "parse_url?binurl="
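The reverse-proxy validation suggested under "If You Can't Patch" and the log review described under "Detection & Monitoring" both hinge on the same step: recovering the real target of a /parse_url request, including the hex-encoded binurl form, and deciding whether it points somewhere internal. The following is an added example, not Friendica's own code, that does both over constructed access-log lines. It assumes the combined log format and that the module falls back to ?url= when binurl is not valid hex; hostnames that are not IP literals are only checked for obvious internal names, because a real proxy must resolve them and classify every returned address.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Destinations a Friendica server has no business fetching on a user's behalf.
METADATA_HOSTS = {"169.254.169.254", "metadata.google.internal", "metadata"}

# Apache/nginx combined log format (assumption: your server logs this way).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<uri>\S+) \S+" (?P<status>\d{3})'
)


def extract_target(request_uri: str):
    """Return the URL a /parse_url request asks Friendica to fetch, or None.

    The module accepts ?url=<plain URL> or ?binurl=<hex-encoded URL>; the hex
    form hides the destination from a naive log grep, so both are handled.
    """
    parts = urlsplit(request_uri)
    if not parts.path.rstrip("/").endswith("/parse_url"):
        return None
    qs = parse_qs(parts.query)
    if "binurl" in qs:
        try:
            return bytes.fromhex(qs["binurl"][0]).decode("utf-8", "replace").strip()
        except ValueError:
            pass  # not valid hex: assumed fallback to ?url=, mirrored here
    if "url" in qs:
        return qs["url"][0].strip()
    return None


def classify(target: str) -> str:
    """Label a fetch target as 'internal', 'metadata', 'external' or 'invalid'."""
    u = urlsplit(target)
    if u.scheme not in ("http", "https") or not u.hostname:
        return "invalid"
    host = u.hostname.lower()
    if host in METADATA_HOSTS:
        return "metadata"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # A DNS name: a real proxy must resolve it and classify every address it
        # returns. Offline we only catch names that are obviously internal.
        if host == "localhost" or host.endswith((".local", ".internal")):
            return "internal"
        return "external"
    if ip.is_private or ip.is_loopback or ip.is_link_local or ip.is_reserved or ip.is_multicast:
        return "internal"
    return "external"


def allow_request(request_uri: str) -> bool:
    """Reverse-proxy rule: pass a /parse_url request only if its target is a
    public http(s) URL. Requests to other paths are left alone."""
    target = extract_target(request_uri)
    if target is None:
        return True  # not a parse_url call, or nothing for Friendica to fetch
    return classify(target) == "external"


def scan_access_log(lines):
    """Return (client_ip, decoded_target, label) for every parse_url request
    whose target is not a plain external URL."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        target = extract_target(m["uri"])
        if target is None:
            continue
        label = classify(target)
        if label != "external":
            hits.append((m["ip"], target, label))
    return hits


# Constructed sample log lines for the example; not real traffic.
SAMPLE_LOG = [
    '203.0.113.10 - - [10/Mar/2021:12:00:01 +0000] "GET /parse_url?url=https://example.com/post/1 HTTP/1.1" 200 512',
    '203.0.113.10 - - [10/Mar/2021:12:00:02 +0000] "GET /parse_url?binurl='
    + "http://169.254.169.254/latest/meta-data/".encode().hex()
    + ' HTTP/1.1" 200 77',
    '198.51.100.7 - - [10/Mar/2021:12:00:03 +0000] "GET /parse_url?url=http://10.0.0.5:8080/admin HTTP/1.1" 200 1200',
    '198.51.100.7 - - [10/Mar/2021:12:00:04 +0000] "GET /display/abc123 HTTP/1.1" 200 4000',
]

if __name__ == "__main__":
    for client, target, label in scan_access_log(SAMPLE_LOG):
        print(f"{client} -> {target} [{label}]")
```

Run against the sample lines, the scan reports the hex-encoded metadata probe and the request to 10.0.0.5 while passing the ordinary external preview; the same `classify` check is what `allow_request` applies inline at the proxy. Two caveats apply to any check of this shape: the decision is made on the literal hostname, so a name that resolves to an internal address (or that is rebound after the check) slips through unless the proxy resolves and re-checks, and Friendica follows redirects when fetching previews, so an external URL that 302s to an internal one is not caught by inspecting the request alone. Egress filtering on the server remains the backstop.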