Vulnerability Information
Vulnerability Title
Server-Side Request Forgery (SSRF) and URL Redirection to Untrusted Site ('Open Redirect') in alltube
Vulnerability Description
AllTube is an HTML front end for youtube-dl. In releases prior to 3.0.3, an attacker could craft a special HTML page to trigger either an open redirect attack or a Server-Side Request Forgery attack (depending on how AllTube is configured). The impact is mitigated by the fact that the SSRF attack is only possible when the `stream` option is enabled in the configuration. (This option is disabled by default.) Release 3.0.3 contains a fix for this vulnerability.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
URL Redirection to Untrusted Site ('Open Redirect')
Vulnerability Title
AllTube Download Code Issue Vulnerability
Vulnerability Description
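AllTube Download is a web GUI for youtube-dl developed by the individual developer Pierre Rudloff. AllTube Download contains a code issue vulnerability, which stems from the fact that a cross-site request forgery attack against the HTML front end of youtube-dl is only possible when the "stream" option is enabled in the AllTube configuration. An attacker can exploit this vulnerability by creating a special HTML page to trigger an open redirect attack or a server-side request forgery attack (depending on how AllTube is configured).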
CVSS Information
N/A
Vulnerability Type
N/A