漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
LibreTranslate - IP Spoofing via X-Forwarded-For Header
Vulnerability Description
LibreTranslate through 1.9.7, fixed in commit 397fd22, contains an IP spoofing vulnerability in the get_remote_address() function that allows unauthenticated attackers to spoof client IP addresses by injecting arbitrary values into the X-Forwarded-For header without trusted proxy validation. Attackers can bypass per-IP rate limiting and flood bans by supplying forged addresses in the X-Forwarded-For header to enable unlimited API abuse.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Vulnerability Type
使用不可信的源
Vulnerability Title
LibreTranslate 信任管理问题漏洞
Vulnerability Description
LibreTranslate LibreTranslate是LibreTranslate社区的一款自由开源的翻译软件。 LibreTranslate 1.9.7及之前版本存在信任管理问题漏洞,该漏洞源于get_remote_address()函数存在IP欺骗漏洞,未经身份验证的攻击者可通过在X-Forwarded-For标头中注入任意值来欺骗客户端IP地址,从而绕过每IP速率限制和洪水封禁,导致无限制的API滥用。
CVSS Information
N/A
Vulnerability Type
N/A