Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
@misskey-dev/summaly Redirect Filter Bypass
Vulnerability Description
@misskey-dev/summaly is a tool for getting a summary of a web page. Starting in version 3.0.1 and prior to version 5.2.1, a logic error in the main `summaly` function causes the `allowRedirects` option to never be passed to any plugins, and as a result, isn't enforced. Misskey will follow redirects, despite explicitly requesting not to. Version 5.2.1 contains a patch for the issue.
CVSS Information
N/A
Vulnerability Type
保护机制失效
Vulnerability Title
summaly 安全漏洞
Vulnerability Description
summaly是Misskey开源的一个获取任何网页的摘要的工具。 summaly 3.0.1版本至5.2.1之前版本存在安全漏洞,该漏洞源于逻辑错误导致重定向控制不当,可能导致信息泄露。
CVSS Information
N/A
Vulnerability Type
N/A