Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Server-side Request Forgery (SSRF)
Vulnerability Description
The package github.com/hoppscotch/proxyscotch before 1.0.0 are vulnerable to Server-side Request Forgery (SSRF) when interceptor mode is set to proxy. It occurs when an HTTP request is made by a backend server to an untrusted URL submitted by a user. It leads to a leakage of sensitive information from the server.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
N/A
Vulnerability Title
proxyscotch 代码问题漏洞
Vulnerability Description
proxyscotch是一个简单的代理服务器。 proxyscotch 1.0.0之前版本存在安全漏洞,该漏洞容易受到服务器端请求伪造(SSRF)的攻击。当后端服务器向用户提交的不受信任的URL发出HTTP请求时,就会触发该漏洞,从而导致服务器的敏感信息泄露。
CVSS Information
N/A
Vulnerability Type
N/A