Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Bullfrog's DNS over TCP bypasses domain filtering
Vulnerability Description
Bullfrog is a GithHb Action to block unauthorized outbound traffic in GitHub workflows. Prior to version 0.8.4, using tcp breaks blocking and allows DNS exfiltration. This can result in sandbox bypass. Version 0.8.4 fixes the issue.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
通过发送数据的信息暴露
Vulnerability Title
Bullfrog 安全漏洞
Vulnerability Description
Bullfrog是Bullfrog Security开源的一个简单的即插即用Github的工具。 Bullfrog 0.8.4之前版本存在安全漏洞,该漏洞源于TCP使用不当导致DNS数据渗漏,可能绕过沙箱限制。
CVSS Information
N/A
Vulnerability Type
N/A