漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
N/A
Vulnerability Description
Droppy versions <3.5.0 does not perform any verification for cross-domain websocket requests. An attacker is able to make a specially crafted page that can send requests as the context of the currently logged in user. For example this means the malicious user could add a new admin account under his control and delete others.
CVSS Information
N/A
Vulnerability Type
跨站请求伪造(CSRF)
Vulnerability Title
Droppy 安全漏洞
Vulnerability Description
Droppy是一款自托管的文件存储服务器,它支持在浏览器中查看媒体文件。 Droppy 3.5.0之前版本中存在安全漏洞,该漏洞源于程序没有验证跨域的websocket请求。攻击者可借助特制的网站发送请求利用该漏洞执行任意操作(例如:删除其他用户)。
CVSS Information
N/A
Vulnerability Type
N/A