Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
Webswing before 22.1.3 allows X-Forwarded-For header injection. The client IP address is associated with a variable in the configuration page. The {clientIp} variable can be used as an application startup argument. The X-Forwarded-For header can be manipulated by a client to store an arbitrary value that is used to replace the {clientIp} variable (without sanitization). A client can thus inject multiple arguments into the session startup. Systems that do not use the {clientIp} variable in the configuration are not vulnerable. The vulnerability is fixed in these versions: 20.1.16, 20.2.19, 21.1.8, 21.2.12, and 22.1.3.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Webswing Injection Vulnerability
Vulnerability Description
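Webswing is a specialized web server from the company Webswing for running Java Swing and JavaFX based applications in a web browser. Versions of Webswing before 22.1.3 contain a security vulnerability that stems from allowing X-Forwarded-For header injection.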
CVSS Information
N/A
Vulnerability Type
N/A