漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Postiz allows header mutation in middleware facilitates resulting in SSRF
Vulnerability Description
Postiz is an AI social media scheduling tool. From 1.45.1 to 1.62.3, the Postiz frontend application allows an attacker to inject arbitrary HTTP headers into the middleware pipeline. This flaw enables a server-side request forgery (SSRF) condition, which can be exploited to initiate unauthorized outbound requests from the server hosting the Postiz application. This vulnerability is fixed in 1.62.3.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Vulnerability Type
服务端请求伪造(SSRF)
Vulnerability Title
Gitroom Postiz 代码问题漏洞
Vulnerability Description
Gitroom Postiz是Gitroom开源的一个社交媒体日程安排工具。 Gitroom Postiz 1.45.1至1.62.3版本存在代码问题漏洞,该漏洞源于HTTP头注入,可能导致服务端请求伪造。
CVSS Information
N/A
Vulnerability Type
N/A