Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Apache Allura: sensitive information exposure via DNS rebinding
Vulnerability Description
Import functionality is vulnerable to DNS rebinding attacks between verification and processing of the URL. Project administrators can run these imports, which could cause Allura to read from internal services and expose them. This issue affects Apache Allura from 1.0.1 through 1.16.0. Users are recommended to upgrade to version 1.17.0, which fixes the issue. If you are unable to upgrade, set "disable_entry_points.allura.importers = forge-tracker, forge-discussion" in your .ini config file.
CVSS Information
N/A
Vulnerability Type
输入验证不恰当
Vulnerability Title
Apache Allura 代码问题漏洞
Vulnerability Description
Apache Allura是美国阿帕奇(Apache)基金会的一套开源项目托管平台。该平台支持管理源代码存储库、错误报告、维基页面和博客等。 Apache Allura 1.0.1版本至1.16.0版本存在代码问题漏洞,该漏洞源于导入功能在 URL 验证和处理之间容易受到 DNS 重新绑定攻击。
CVSS Information
N/A
Vulnerability Type
N/A