Vulnerability Information
Vulnerability Title
ArangoDB - Blind SSRF when Downloading Foxx Service from URL
Vulnerability Description
In ArangoDB, versions v3.7.0 through v3.9.0-alpha.1 have a feature which allows downloading a Foxx service from a publicly available URL. This feature does not enforce proper filtering of requests performed internally, which can be abused by a highly-privileged attacker to perform blind SSRF and send internal requests to localhost.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
Vulnerability Type
Server-Side Request Forgery (SSRF)
Vulnerability Title
ArangoDB Code Issue Vulnerability
Vulnerability Description
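ArangoDB is a NoSQL database system from ArangoDB GmbH. ArangoDB versions v3.7.0 through v3.9.0-alpha.1 contain a code issue vulnerability. The vulnerability stems from a feature that downloads a Foxx service from a public URL but does not enforce proper filtering of the requests performed internally; an attacker can abuse this feature to perform blind SSRF and send internal requests to localhost.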
CVSS Information
N/A
Vulnerability Type
N/A