Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information. Shenlong tries to ensure data accuracy, but please verify and judge against the actual situation.
Vulnerability Title
Fedify has an Infinite loop and Blind SSRF found inside the Webfinger mechanism
Vulnerability Description
Fedify is a TypeScript library for building federated server apps powered by ActivityPub and other standards. This vulnerability allows an attacker to abuse the WebFinger lookup so that the victim's server performs a GET request to any host, port and URL combination, including internal resources, regardless of the security mechanisms otherwise in place, and to force the victim's server into an infinite loop, causing a denial of service. The same weakness can also be leveraged into a blind SSRF attack. This vulnerability is fixed in 1.0.14, 1.1.11, 1.2.11, and 1.3.4.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:L
Vulnerability Type
Loop with Unreachable Exit Condition (Infinite Loop)
Vulnerability Title
Fedify Security Vulnerability
Vulnerability Description
Fedify is a TypeScript library by the individual developer Hong Minhee, used to build federated server applications powered by ActivityPub and other standards. Fedify contains a security vulnerability that stems from allowing a user to manipulate the WebFinger mechanism into performing GET requests to any internal resource on any host, port and URL combination, leading to a denial of service.
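Both descriptions above name the same bug class: a WebFinger lookup that keeps following redirects with no hop limit, no loop detection and no check on where each redirect points, so that a malicious server can bounce the client between two URLs forever (denial of service) or into an internal address (blind SSRF). The following is an added example, not Fedify's code and not the project's actual patch: it contrasts a naive redirect-following client with a hardened one. HTTP is replaced by a table of constructed responses so it runs offline; every hostname (a.example, b.example, evil.example, good.example), the metadata address used as the SSRF target, the `MAX_REDIRECTS` value and the hardening pattern itself are assumptions made for illustration.

```typescript
// Added example, not Fedify's code. Models the bug class from the advisory:
// a WebFinger client that follows Location headers without a hop limit, loop
// detection or a check on the redirect target. Responses are constructed.

interface Jrd {
  subject?: string;
  aliases?: string[];
  links?: { rel: string; type?: string; href?: string }[];
}

interface FakeResponse {
  status: number;
  location?: string; // stands in for the Location header of a 3xx response
  body?: Jrd;
}

type Fetcher = (url: string) => FakeResponse;

// WebFinger URL for an account handle on a given host.
const WF = (host: string, acct: string) =>
  `https://${host}/.well-known/webfinger?resource=${encodeURIComponent("acct:" + acct)}`;

// Constructed responses (hypothetical hosts):
//  - a.example and b.example redirect to each other forever (infinite loop);
//  - evil.example redirects into a link-local metadata address (blind SSRF);
//  - good.example answers with a normal JRD document.
export const constructedResponses: Record<string, FakeResponse> = {
  [WF("a.example", "alice@a.example")]: { status: 302, location: WF("b.example", "alice@a.example") },
  [WF("b.example", "alice@a.example")]: { status: 302, location: WF("a.example", "alice@a.example") },
  [WF("evil.example", "bob@evil.example")]: { status: 302, location: "http://169.254.169.254/latest/meta-data/" },
  [WF("good.example", "carol@good.example")]: {
    status: 200,
    body: { subject: "acct:carol@good.example",
            links: [{ rel: "self", type: "application/activity+json", href: "https://good.example/users/carol" }] },
  },
};

// Offline fetcher with an optional request budget, so the unbounded loop can be
// demonstrated without hanging: it throws once `budget` requests were issued.
export function makeFetcher(table: Record<string, FakeResponse>, budget = Infinity) {
  const requested: string[] = [];
  const fetch: Fetcher = (url) => {
    if (requested.length >= budget) throw new Error("watchdog: request budget exhausted");
    requested.push(url);
    return table[url] ?? { status: 404 };
  };
  return { fetch, requested };
}

export function webfingerUrl(account: string): string {
  const host = account.slice(account.lastIndexOf("@") + 1);
  return WF(host, account);
}

// Vulnerable shape: follows Location headers forever, to any scheme or host.
export function lookupWebFingerNaive(account: string, fetch: Fetcher): Jrd | null {
  let url = webfingerUrl(account);
  for (;;) {
    const res = fetch(url);
    if (res.status >= 300 && res.status < 400 && res.location) {
      url = new URL(res.location, url).href; // no cap, no visited set, no target check
      continue;
    }
    return res.status === 200 ? res.body ?? null : null;
  }
}

// Hardened shape (assumed pattern, not the project's patch): cap the hop count,
// refuse to revisit a URL, and reject non-HTTPS and private targets per request.
export const MAX_REDIRECTS = 5; // assumption; any finite cap breaks the loop

export function isForbiddenTarget(url: URL): boolean {
  if (url.protocol !== "https:") return true;
  const h = url.hostname;
  if (h === "localhost" || h.endsWith(".localhost") || h.startsWith("[")) return true; // IPv6 literals rejected outright
  const m = /^(\d+)\.(\d+)\.(\d+)\.(\d+)$/.exec(h);
  if (!m) return false; // a DNS name: resolution-time checks are out of scope here
  const a = Number(m[1]), b = Number(m[2]);
  return a === 0 || a === 10 || a === 127 || (a === 169 && b === 254) ||
         (a === 172 && b >= 16 && b <= 31) || (a === 192 && b === 168);
}

export function lookupWebFingerHardened(account: string, fetch: Fetcher): Jrd {
  let url = new URL(webfingerUrl(account));
  const visited = new Set<string>();
  for (let hop = 0; ; hop++) {
    if (hop > MAX_REDIRECTS) throw new Error(`too many redirects (> ${MAX_REDIRECTS})`);
    if (visited.has(url.href)) throw new Error(`redirect loop at ${url.href}`);
    visited.add(url.href);
    if (isForbiddenTarget(url)) throw new Error(`refusing to fetch ${url.href}`);
    const res = fetch(url.href);
    if (res.status >= 300 && res.status < 400 && res.location) {
      url = new URL(res.location, url); // validated at the top of the next iteration
      continue;
    }
    if (res.status !== 200 || res.body === undefined) throw new Error(`lookup failed (${res.status})`);
    return res.body;
  }
}

// Returns the thrown message, or null if `f` completed normally.
export function errorMessage(f: () => unknown): string | null {
  try { f(); return null; } catch (e) { return (e as Error).message; }
}
```

Run against the constructed table, the naive client keeps bouncing between a.example and b.example until the watchdog fires, and for bob@evil.example it issues a request to the link-local address; the hardened client stops at the second hop with a loop error, refuses the redirect to a non-HTTPS, link-local target before sending anything, and still resolves carol@good.example normally. Note the limits of the literal-IP check: a public DNS name that resolves to an internal address is not caught here, so a production implementation also needs to validate the resolved addresses (or route the request through an egress policy), and it should apply the same checks to every follow-on fetch the JRD's `links` trigger.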
CVSS Information
N/A
Vulnerability Type
N/A