Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Open Redirect in tenancy
Vulnerability Description
Tenancy multi-tenant is an open source multi-domain controller for the Laravel web framework. In some situations, it is possible to have open redirects where users can be redirected from your site to any other site using a specially crafted URL. This is only the case for installations where the default Hostname Identification is used and the environment uses tenants that have `force_https` set to `true` (default: `false`). Version 5.7.2 contains the relevant patches to fix this bug. Stripping the URL from special characters to prevent specially crafted URL's from being redirected to. As a work around users can set the `force_https` to every tenant to `false`, however this may degrade connection security.
CVSS Information
N/A
Vulnerability Type
指向未可信站点的URL重定向(开放重定向)
Vulnerability Title
Tenancy multi-tenant 输入验证错误漏洞
Vulnerability Description
Tenancy multi-tenant是一个开源的多域控制器 Tenancy multi-tenant 存在安全漏洞,该漏洞源于程序在某些情况下,可能会有开放的重定向,攻击者可以使用特制的URL将用户的站点重定向到任何其他站点。
CVSS Information
N/A
Vulnerability Type
N/A