Vulnerability Information
Vulnerability Title
Authenticated PostHog users vulnerable to SSRF
Vulnerability Description
PostHog provides open-source product analytics, session recording, feature flagging and A/B testing that you can self-host. A server-side request forgery (SSRF), which can only be exploited by authenticated users, was found in PostHog. PostHog did not verify whether a URL pointed to a local address when enabling webhooks, allowing authenticated users to forge a POST request. This vulnerability has been addressed in `22bd5942` and will be included in subsequent releases. There are no known workarounds for this vulnerability.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
Vulnerability Type
Server-Side Request Forgery (SSRF)
Vulnerability Title
PostHog Code Issue Vulnerability
Vulnerability Description
PostHog is an all-in-one open-source platform developed by PostHog. PostHog has a code issue vulnerability that stems from not verifying whether a URL is local when enabling webhooks, which allows authenticated users to forge POST requests.
CVSS Information
N/A
Vulnerability Type
N/A
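The check the descriptions above say was missing, as an added illustrative example written for this page and not PostHog's actual fix in `22bd5942`: a webhook URL validator that rejects loopback, private, link-local and other non-routable destinations, and resolves hostnames before accepting them. The `table_resolver` helper and the sample hostnames and addresses are constructed so the code runs offline.

```python
import ipaddress
import socket
from urllib.parse import urlparse

def is_public_address(ip_str: str) -> bool:
    """True for an IP literal outside loopback, private, link-local and other
    non-routable ranges; ipaddress.is_global already excludes those."""
    ip = ipaddress.ip_address(ip_str.split("%")[0])  # drop any IPv6 scope id
    return ip.is_global and not ip.is_multicast

def validate_webhook_url(url: str, resolver=socket.getaddrinfo) -> bool:
    """Accept only http(s) URLs whose host denotes or resolves to public
    addresses. `resolver` mirrors socket.getaddrinfo so tests run offline."""
    try:
        parsed = urlparse(url)
        port = parsed.port or (443 if parsed.scheme == "https" else 80)
    except ValueError:                   # malformed netloc or port
        return False
    if parsed.scheme not in ("http", "https") or not parsed.hostname:
        return False
    host = parsed.hostname
    try:
        return is_public_address(host)   # IP literal given directly
    except ValueError:
        pass                             # a hostname: resolve it below
    try:
        infos = resolver(host, port, proto=socket.IPPROTO_TCP)
    except (socket.gaierror, KeyError):  # unresolvable: fail closed
        return False
    addrs = {info[4][0] for info in infos}
    # Every record must be public; one internal record among public ones is
    # enough to reach an internal service, so the whole set is rejected.
    return bool(addrs) and all(is_public_address(a) for a in addrs)

def table_resolver(table):
    """Offline getaddrinfo stand-in over a constructed {host: [ip, ...]} map."""
    def resolve(host, port, **_):
        return [(socket.AF_INET, socket.SOCK_STREAM, 6, "", (ip, port))
                for ip in table[host]]
    return resolve

if __name__ == "__main__":
    dns = table_resolver({"hooks.example": ["8.8.8.8"],
                          "intranet.example": ["10.0.0.5"]})
    for u in ("https://hooks.example/in", "http://intranet.example/",
              "http://127.0.0.1:8000/", "http://[::1]/", "file:///tmp/hook"):
        print(u, validate_webhook_url(u, dns))
```

Validating at save time is only half the control: the webhook sender should connect to the address that passed this check (or re-check at send time) rather than resolving the hostname again, otherwise a record that changes between check and use bypasses it.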