Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The JSONP endpoint in the Studio component in OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 does not properly restrict callback values, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and obtain sensitive information, via a crafted HTTP request.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Orient OrientDB Server Community Edition Studio组件跨站请求伪造漏洞
Vulnerability Description
Orient OrientDB Server Community Edition是英国Orient公司的OrientDB(开源的NoSQL数据库管理系统)服务器的一个社区版。Studio是其中的一个web管理界面组件。 Orient OrientDB Server Community Edition 2.0.14及之前的版本和2.1.0版本中的Studio组件的JSONP终端中存在安全漏洞,该漏洞源于程序没有正确限制回调值。远程攻击者可通过发送特制的HTTP请求利用该漏洞实施跨站请求伪造攻击,获取敏感的信
CVSS Information
N/A
Vulnerability Type
N/A