Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
RSSHub is vulnerable to SSRF (Server-Side Request Forgery)
Vulnerability Description
RSSHub is an open source RSS feed generator. RSSHub is vulnerable to Server-Side Request Forgery (SSRF) attacks. This vulnerability allows an attacker to send arbitrary HTTP requests from the server to other servers or resources on the network. An attacker can exploit this vulnerability by sending a request to the affected routes with a malicious URL. An attacker could also use this vulnerability to send requests to internal or any other servers or resources on the network, potentially gain access to sensitive information that would not normally be accessible and amplifying the impact of the attack. The patch for this issue can be found in commit a66cbcf.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:L
Vulnerability Type
服务端请求伪造(SSRF)
Vulnerability Title
RSSHub 代码问题漏洞
Vulnerability Description
RSSHub是由Node.js编写的RSS源生成器,在MIT许可证下发行,由DIYgod及其他GitHub用户维护。 RSSHub存在代码问题漏洞,该漏洞源于容易受到服务器端请求伪造(SSRF)攻击,允许攻击者从服务器向网络上的其他服务器或资源发送任意HTTP请求,从而有可能获得通常无法访问的敏感信息。
CVSS Information
N/A
Vulnerability Type
N/A