漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
AutoBangumi < 3.2.8 - SSRF via /api/v1/setup/test-downloader
Vulnerability Description
AutoBangumi before 3.2.8 contains a server-side request forgery (SSRF) vulnerability that allows unauthenticated remote attackers to probe internal network services by supplying arbitrary host values to an unprotected setup endpoint. Attackers can send requests to the POST /api/v1/setup/test-downloader endpoint during the initial setup window, causing the server to issue HTTP GET requests to internal or reserved addresses and leak information through echoed connection-error messages.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Vulnerability Type
服务端请求伪造(SSRF)
Vulnerability Title
EstrellaXD AutoBangumi 服务端请求伪造漏洞
Vulnerability Description
EstrellaXD AutoBangumi是EstrellaXD个人开发者的一款自动化追番与下载整理工具。 EstrellaXD AutoBangumi 3.2.8之前版本存在服务端请求伪造漏洞,该漏洞源于未受保护的setup端点允许传递任意主机值,导致服务器端请求伪造(SSRF),可能允许未经身份验证的远程攻击者在初始设置窗口期间向POST /api/v1/setup/test-downloader端点发送请求,从而探测内部网络服务并通过回显连接错误消息泄露信息。
CVSS Information
N/A
Vulnerability Type
N/A