Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A Server-Side Request Forgery (SSRF) vulnerability exists in MicroStrategy Web SDK 11.1 and earlier, allows remote unauthenticated attackers to conduct a server-side request forgery (SSRF) attack via the srcURL parameter to the shortURL task.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
MicroStrategy Web SDK 代码问题漏洞
Vulnerability Description
MicroStrategy Web SDK是美国MicroStrategy公司的一个 JavaScript 库。与不同的 CARTO API 交互,以在 deck.gl 之上构建利用矢量渲染的自定义应用程序。 MicroStrategy Web SDK 11.1 版本及其之前版本存在安全漏洞,该漏洞源于srcURL缺少对于身份的验证和数据过滤。未经身份验证的攻击者利用该漏洞可以通过 srcURL 参数对 shortURL 任务进行服务器端请求伪造 (SSRF) 攻击
CVSS Information
N/A
Vulnerability Type
N/A