Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Symbolicator Server Side Request Forgery vulnerability
Vulnerability Description
Symbolicator is a symbolication service for native stacktraces and minidumps with symbol server support. An attacker could make Symbolicator send arbitrary GET HTTP requests to internal IP addresses by using a specially crafted HTTP endpoint. The response could be reflected to the attacker if they have an account on Sentry instance. The issue has been fixed in the release 23.11.2.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
服务端请求伪造(SSRF)
Vulnerability Title
Symbolicator 代码问题漏洞
Vulnerability Description
Symbolicator是用于本机堆栈跟踪和小型转储的符号服务,具有符号服务器支持。 Symbolicator 0.3.3到23.11.2版本存在代码问题漏洞,该漏洞源于攻击者可以使用特制的 HTTP 端点让 Symbolicator 向内部 IP 地址发送任意 GET HTTP 请求。
CVSS Information
N/A
Vulnerability Type
N/A