Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
FrostWire version <= frostwire-desktop-6.7.4-build-272 contains a XML External Entity (XXE) vulnerability in Man in the middle on update that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via Man in the middle the call to update the software.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
FrostWire 安全漏洞
Vulnerability Description
FrostWire是一款云下载器,它支持在线搜索、播放和下载等功能。 FrostWire frostwire-desktop-6.7.4-build-272及之前版本中的UpdateMessageReader.java文件存在XML外部实体注入漏洞。攻击者可通过实施中间人攻击利用该漏洞泄露敏感数据,造成拒绝服务,实施服务器端请求伪造攻击或扫描端口。
CVSS Information
N/A
Vulnerability Type
N/A