漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
N/A
Vulnerability Description
The private_address_check ruby gem before 0.4.0 is vulnerable to a bypass due to use of Ruby's Resolv.getaddresses method, which is OS-dependent and should not be relied upon for security measures, such as when used to blacklist private network addresses to prevent server-side request forgery.
CVSS Information
N/A
Vulnerability Type
使用内在危险函数
Vulnerability Title
private_address_check ruby gem 安全漏洞
Vulnerability Description
private_address_check ruby gem是一款基于Ruby的服务器端请求伪造攻击检查工具。 private_address_check ruby gem 0.4.0之前的版本中存在安全漏洞,该漏洞源于程序使用了Ruby的Resolv.getaddresses方法。攻击者可利用该漏洞绕过客户端请求伪造过滤器。
CVSS Information
N/A
Vulnerability Type
N/A