Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Server-Side Request Forgery vulnerability in misskey
Vulnerability Description
Misskey is an open source, decentralized microblogging platform. In affected versions a Server-Side Request Forgery vulnerability exists in "Upload from URL" and remote attachment handling. This could result in the disclosure of non-public information within the internal network. This has been fixed in 12.90.0. However, if you are using a proxy, you will need to take additional measures. As a workaround this exploit may be avoided by appropriately restricting access to private networks from the host where the application is running.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Vulnerability Type
服务端请求伪造(SSRF)
Vulnerability Title
Misskey 代码问题漏洞
Vulnerability Description
Misskey是一套微型博客平台。 Misskey存在代码问题漏洞,该漏洞源于软件中“从URL上传”和远程附件处理存在服务器端请求伪造漏洞。这可能导致内部网络的非公开信息的泄露。
CVSS Information
N/A
Vulnerability Type
N/A