Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Bazarr Blind Server-Side Request Forgery (SSRF) in the /test/<protocol>/ endpoint
Vulnerability Description
Bazarr manages and downloads subtitles. In version 1.2.4, the proxy method in bazarr/bazarr/app/ui.py does not validate the user-controlled protocol and url variables and passes them to requests.get() without any sanitization, which leads to a blind server-side request forgery (SSRF). This issue allows for crafting GET requests to internal and external resources on behalf of the server. 1.3.1 contains a partial fix, which limits the vulnerability to HTTP/HTTPS protocols.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
服务端请求伪造(SSRF)
Vulnerability Title
Bazarr 代码问题漏洞
Vulnerability Description
Bazarr是Bazarr公司的一款软件,是 Sonarr 和 Radarr 的配套应用程序,可根据您的要求管理和下载字幕。 Bazarr 1.2.4版本存在代码问题漏洞,该漏洞源于文件bazarr/bazarr/app/ui.py存在服务器请求伪造(SSRF)漏洞。
CVSS Information
N/A
Vulnerability Type
N/A