Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Server-Side Request Forgery (SSRF) in chatwoot/chatwoot
Vulnerability Description
A Server-Side Request Forgery (SSRF) vulnerability was discovered in chatwoot/chatwoot, affecting all versions prior to 2.5.0. The vulnerability allows an attacker to upload an SVG file containing a malicious SSRF payload. When the SVG file is used as an avatar and opened in a new tab, it can trigger the SSRF, potentially leading to host redirection.
CVSS Information
N/A
Vulnerability Type
服务端请求伪造(SSRF)
Vulnerability Title
Chatwoot 代码问题漏洞
Vulnerability Description
Chatwoot是Chatwoot开源的一个应用软件。客户参与套件,对讲、Zendesk、Salesforce 服务云等的开源替代方案。 Chatwoot 2.5.0之前版本存在代码问题漏洞,该漏洞源于存在服务器端请求伪造(SSRF)漏洞,允许攻击者上传包含恶意SSRF负载的SVG文件,可能导致主机重定向。
CVSS Information
N/A
Vulnerability Type
N/A