漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
PinchTab has Blind SSRF via browser-side redirect bypass in /download URL validation
Vulnerability Description
PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. Versions 0.8.2 and below have a Blind SSRF vulnerability in the /download endpoint. The validateDownloadURL() function only checks the initial user-supplied URL, but the embedded Chromium browser can follow attacker-controlled redirects/navigations to internal network addresses after validation. Exploitation requires security.allowDownload=true (disabled by default), limiting real-world impact. An attacker-controlled page can use JavaScript redirects or resource requests to make the browser reach internal services from the PinchTab host, resulting in a blind Server-Side Request Forgery (SSRF) condition against internal-only services. The issue has been patched in version 0.8.3.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
Vulnerability Type
服务端请求伪造(SSRF)
Vulnerability Title
pinchtab 代码问题漏洞
Vulnerability Description
pinchtab是Pinchtab开源的一个AI代理浏览器控制工具。 PinchTab 0.8.2及之前版本存在代码问题漏洞,该漏洞源于/download端点存在盲服务端请求伪造,可能导致访问内部网络服务。
CVSS Information
N/A
Vulnerability Type
N/A