Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
TruffleHog has a Blind SSRF in some Detectors
Vulnerability Description
TruffleHog is a secrets scanning tool. Prior to v3.81.9, this vulnerability allows a malicious actor to craft data in a way that, when scanned by specific detectors, could trigger the detector to make an unauthorized request to an endpoint chosen by the attacker. For an exploit to be effective, the target endpoint must be an unauthenticated GET endpoint that produces side effects. The victim must scan the maliciously crafted data and have such an endpoint targeted for the exploit to succeed. The vulnerability has been resolved in TruffleHog v3.81.9 and later versions.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N
Vulnerability Type
服务端请求伪造(SSRF)
Vulnerability Title
TruffleHog 安全漏洞
Vulnerability Description
TruffleHog是Truffle Security开源的一个工具。 TruffleHog v3.81.9之前版本存在安全漏洞。攻击者利用该漏洞以某种方式制作数据,当特定检测器扫描到该数据时,会向攻击者选择的端点发出未经授权的请求。
CVSS Information
N/A
Vulnerability Type
N/A