Vulnerability Information
Vulnerability Title
micronaut-core management endpoints vulnerable to drive-by localhost attack
Vulnerability Description
Micronaut Framework is a modern, JVM-based, full stack Java framework designed for building modular, easily testable JVM applications with support for Java, Kotlin and the Groovy language. Enabled but unsecured management endpoints are susceptible to drive-by localhost attacks. While not typical of a production application, these attacks may have more impact on a development environment where such endpoints may be flipped on without much thought. A malicious/compromised website can make HTTP requests to `localhost`. Normally, such requests would trigger a CORS preflight check which would prevent the request; however, some requests are "simple" and do not require a preflight check. These endpoints, if enabled and not secured, are vulnerable to being triggered. Production environments typically disable unused endpoints and secure/restrict access to needed endpoints. A more likely victim is the developer in their local development host, who has enabled endpoints without security for the sake of easing development. This issue has been addressed in version 3.8.3. Users are advised to upgrade.
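The preflight distinction described above can be checked mechanically when auditing a local instance. The following is an added example, not code from the Micronaut project or the advisory: it applies the Fetch standard's CORS-safelist rules (simplified) to a constructed endpoint inventory and reports which enabled, unsecured endpoints a browser would reach without a preflight. The endpoint paths, the inventory format and the function names are assumptions made for illustration.

```python
# Added example: simplified Fetch-standard "simple request" check.
# Not modelled: header value length limits, Range value syntax, streamed bodies.
SAFELISTED_METHODS = {"GET", "HEAD", "POST"}
SAFELISTED_CONTENT_TYPES = {
    "application/x-www-form-urlencoded",
    "multipart/form-data",
    "text/plain",
}
SAFELISTED_HEADERS = {"accept", "accept-language", "content-language",
                      "content-type", "range"}


def needs_preflight(method, headers=None):
    """Return True if a browser sends an OPTIONS preflight before this request."""
    if method.upper() not in SAFELISTED_METHODS:
        return True
    for name, value in (headers or {}).items():
        name = name.lower()
        if name not in SAFELISTED_HEADERS:
            return True
        if name == "content-type":
            # Only the media type matters; parameters such as charset are ignored.
            essence = value.split(";", 1)[0].strip().lower()
            if essence not in SAFELISTED_CONTENT_TYPES:
                return True
    return False


def exposed_endpoints(endpoints):
    """Paths that are enabled, unsecured, and reachable without a preflight."""
    return [
        ep["path"] for ep in endpoints
        if ep["enabled"] and not ep["secured"]
        and not needs_preflight(ep["method"], ep.get("required_headers"))
    ]


# Constructed inventory (hypothetical paths); "required_headers" lists headers
# the endpoint insists on before it acts on a request.
SAMPLE = [
    {"path": "/example-action", "method": "POST", "enabled": True, "secured": False},
    {"path": "/example-secured", "method": "POST", "enabled": True, "secured": True},
    {"path": "/example-json", "method": "POST", "enabled": True, "secured": False,
     "required_headers": {"Content-Type": "application/json"}},
    {"path": "/example-disabled", "method": "GET", "enabled": False, "secured": False},
]

if __name__ == "__main__":
    print(exposed_endpoints(SAMPLE))
```

An endpoint that passes this check is still only protected by the browser's preflight, so securing or disabling it remains the fix the advisory describes.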
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Vulnerability Type
External Control of System or Configuration Setting
Vulnerability Title
Micronaut Framework Security Vulnerability
Vulnerability Description
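Micronaut Framework is a modern, JVM-based, full-stack Java framework from the Micronaut Foundation. Micronaut Framework versions before 3.8.3 contain a security vulnerability that stems from enabled but unsecured management endpoints being susceptible to localhost attacks.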
CVSS Information
N/A
Vulnerability Type
N/A