漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
N/A
Vulnerability Description
Versions of the package hackney before 1.21.0 are vulnerable to Server-side Request Forgery (SSRF) due to improper parsing of URLs by URI built-in module and hackey. Given the URL http://127.0.0.1?@127.2.2.2/, the URI function will parse and see the host as 127.0.0.1 (which is correct), and hackney will refer the host as 127.2.2.2/. This vulnerability can be exploited when users rely on the URL function for host checking.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L
Vulnerability Type
服务端请求伪造(SSRF)
Vulnerability Title
Hackney 安全漏洞
Vulnerability Description
Hackney是Hackney公司的一个程序库。 Hackney存在安全漏洞,该漏洞源于URI内置模块和hackey对URL的解析不正确,容易受到服务器端请求伪造(SSRF)攻击。
CVSS Information
N/A
Vulnerability Type
N/A