漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Symbolicator Server Side Request Forgery vulnerability
Vulnerability Description
Symbolicator is a symbolication service for native stacktraces and minidumps with symbol server support. An attacker could make Symbolicator send arbitrary GET HTTP requests to internal IP addresses by using a specially crafted HTTP endpoint. The response could be reflected to the attacker if they have an account on Sentry instance. The issue has been fixed in the release 23.11.2.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
服务端请求伪造(SSRF)
Vulnerability Title
Symbolicator 代码问题漏洞
Vulnerability Description
Symbolicator是用于本机堆栈跟踪和小型转储的符号服务,具有符号服务器支持。 Symbolicator 0.3.3到23.11.2版本存在代码问题漏洞,该漏洞源于攻击者可以使用特制的 HTTP 端点让 Symbolicator 向内部 IP 地址发送任意 GET HTTP 请求。
CVSS Information
N/A
Vulnerability Type
N/A