Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
OpenCTI vulnerable to Denial of Service through web hook
Vulnerability Description
OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.5.2, any user with the capability manage customizations can edit webhook that will execute javascript code. This can be abused to cause a denial of service attack by prototype pollution, making the node js server running the OpenCTI frontend become unavailable. Version 6.5.2 fixes the issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:H
Vulnerability Type
对生成代码的控制不恰当(代码注入)
Vulnerability Title
OpenCTI 代码注入漏洞
Vulnerability Description
OpenCTI是OpenCTI开源的一个开放网络威胁情报平台。 OpenCTI 6.5.2之前版本存在代码注入漏洞,该漏洞源于用户可编辑执行JavaScript代码的Webhook,可能导致拒绝服务攻击。
CVSS Information
N/A
Vulnerability Type
N/A