漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Kirby: Request header injection in `Http\Remote`
Vulnerability Description
Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, Kirby sites and plugins using the Kirby Http Remote class, including Remote::request(), Remote::get(), and Remote::post(), to send outgoing HTTP requests with untrusted data in the headers option could allow newline characters in a header value to inject a separate unintended request header to the remote service. This issue is fixed in versions 4.9.4 and 5.4.4.
CVSS Information
N/A
Vulnerability Type
对CRLF序列的转义处理不恰当(CRLF注入)
Vulnerability Title
getkirby kirby 输入验证错误漏洞
Vulnerability Description
getkirby Kirby是getkirby个人开发者开源的一套基于文件的内容管理系统。 getkirby kirby 4.9.4之前版本和5.4.4之前版本存在输入验证错误漏洞,该漏洞源于使用Kirby Http Remote类发送包含不可信数据的标头选项的发出HTTP请求时,标头值中的换行符可能将单独的意外请求标头注入远程服务。
CVSS Information
N/A
Vulnerability Type
N/A