漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
OHIF Viewers DICOM Server-Side request forgery
Vulnerability Description
Two data sources (DICOMWebProxy and DICOMJSON) shipped in the default configuration fetch an arbitrary URL parameter without validation. A global authentication service in OHIF automatically injects the authenticated user's OIDC Bearer token into the resulting requests, sending it to the attacker-controlled server. DICOMweb data sources are not impacted.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
Vulnerability Type
服务端请求伪造(SSRF)
Vulnerability Title
Open Health Imaging Foundation DICOM Web Viewer Framework 服务端请求伪造漏洞
Vulnerability Description
Open Health Imaging Foundation DICOM Web Viewer Framework是Open Health Imaging Foundation基金会的一款基于Web的医学影像DICOM浏览与可视化查看框架。 Open Health Imaging Foundation DICOM Web Viewer Framework v3.12.0及之前版本存在服务端请求伪造漏洞,该漏洞源于默认配置的两个数据源(DICOMWebProxy和DICOMJSON)未经验证地获取任意URL
CVSS Information
N/A
Vulnerability Type
N/A