Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Improper authentication in the SOCKS5 inbound in sing-box
Vulnerability Description
Sing-box is an open source proxy system. Affected versions are subject to an authentication bypass when specially crafted requests are sent to sing-box. This affects all SOCKS5 inbounds with user authentication and an attacker may be able to bypass authentication. Users are advised to update to sing-box 1.4.4 or to 1.5.0-rc.4. Users unable to update should not expose the SOCKS5 inbound to insecure environments.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Vulnerability Type
关键功能的认证机制缺失
Vulnerability Title
sing-box 访问控制错误漏洞
Vulnerability Description
sing-box是Project S开源的一个通用代理平台。 Sing-box 1.5.0-rc.5之前版本存在访问控制错误漏洞,该漏洞源于允许攻击者绕过身份验证。
CVSS Information
N/A
Vulnerability Type
N/A