Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Server-Side Request Forgery (SSRF) on redirects and federation in Matrix Media Repo
Vulnerability Description
Matrix Media Repo (MMR) is a highly configurable multi-homeserver media repository for Matrix. Matrix Media Repo (MMR) is vulnerable to server-side request forgery, serving content from a private network it can access, under certain conditions. This is fixed in MMR v1.3.8. Users are advised to upgrade. Restricting which hosts MMR is allowed to contact via (local) firewall rules or a transparent proxy and may provide a workaround for users unable to upgrade.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Vulnerability Type
服务端请求伪造(SSRF)
Vulnerability Title
matrix-media-repo 代码问题漏洞
Vulnerability Description
matrix-media-repo是t2bot.io开源的一个 Matrix 的高度可配置多域媒体存储库。 matrix-media-repo v1.3.8之前版本存在代码问题漏洞,该漏洞源于容易受到服务器端请求伪造攻击,在某些条件下会从其可以访问的私有网络提供内容。
CVSS Information
N/A
Vulnerability Type
N/A