漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Server-side Request Forgery (SSRF)
Vulnerability Description
The package github.com/hoppscotch/proxyscotch before 1.0.0 are vulnerable to Server-side Request Forgery (SSRF) when interceptor mode is set to proxy. It occurs when an HTTP request is made by a backend server to an untrusted URL submitted by a user. It leads to a leakage of sensitive information from the server.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
N/A
Vulnerability Title
proxyscotch 代码问题漏洞
Vulnerability Description
proxyscotch是一个简单的代理服务器。 proxyscotch 1.0.0之前版本存在安全漏洞,该漏洞容易受到服务器端请求伪造(SSRF)的攻击。当后端服务器向用户提交的不受信任的URL发出HTTP请求时,就会触发该漏洞,从而导致服务器的敏感信息泄露。
CVSS Information
N/A
Vulnerability Type
N/A