Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
ThingsBoard < v4.2.1 SVG Image SSRF
Vulnerability Description
ThingsBoard versions < 4.2.1 contain a server-side request forgery (SSRF) vulnerability in the dashboard's Image Upload Gallery feature. An attacker can upload a malicious SVG file that references a remote URL. If the server processes the SVG file in a way that parses external references, it may initiate unintended outbound requests. This can be used to access internal services or resources.
CVSS Information
N/A
Vulnerability Type
服务端请求伪造(SSRF)
Vulnerability Title
ThingsBoard 安全漏洞
Vulnerability Description
ThingsBoard是ThingsBoard团队的一个基于Java用于IOT设备进行监控、管理、数据收集的平台。 ThingsBoard 4.2.1之前版本存在安全漏洞,该漏洞源于仪表板的Image Upload Gallery功能存在服务器端请求伪造,可能导致访问内部服务或资源。
CVSS Information
N/A
Vulnerability Type
N/A