Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
txtdot SSRF vulnerability in /get
Vulnerability Description
txtdot is an HTTP proxy that parses only text, links, and pictures from pages, removing ads and heavy scripts. Prior to version 1.7.0, a Server-Side Request Forgery (SSRF) vulnerability in the `/get` route of txtdot allows remote attackers to use the server as a proxy to send HTTP GET requests to arbitrary targets and retrieve information in the internal network. Version 1.7.0 prevents displaying the response of forged requests, but the requests can still be sent. For complete mitigation, a firewall between txtdot and other internal network resources should be set.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
服务端请求伪造(SSRF)
Vulnerability Title
TxtDot 安全漏洞
Vulnerability Description
TxtDot是TxtDot开源的一个 HTTP 代理。 TxtDot 1.7.0之前版本存在安全漏洞。远程攻击者利用该漏洞使用服务器作为代理向任意目标发送HTTP GET请求,并在内部网络中检索信息。
CVSS Information
N/A
Vulnerability Type
N/A