Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
TrueLayer.Client SSRF when fetching payment or payment provider
Vulnerability Description
TrueLayer.NET is the .Net client for TrueLayer. The vulnerability could potentially allow a malicious actor to gain control over the destination URL of the HttpClient used in the API classes. For applications using the SDK, requests to unexpected resources on local networks or to the internet could be made which could lead to information disclosure. The issue can be mitigated by having strict egress rules limiting the destinations to which requests can be made, and applying strict validation to any user input passed to the `truelayer-dotnet` library. Versions of TrueLayer.Client `v1.6.0` and later are not affected.
CVSS Information
N/A
Vulnerability Type
服务端请求伪造(SSRF)
Vulnerability Title
TrueLayer.NET 代码问题漏洞
Vulnerability Description
TrueLayer.NET是英国TrueLayer公司的一个 TrueLayer 的 .Net 客户端。 TrueLayer.NET 存在代码问题漏洞。攻击者利用该漏洞获得对 API 类中使用的 HttpClient 的目标 URL 的控制权。
CVSS Information
N/A
Vulnerability Type
N/A