Vulnerability Information
Vulnerability Title
Drawing-Captcha APP Host Header Injection in `/register` and `/confirm-email` Endpoints
Vulnerability Description
Drawing-Captcha APP provides interactive, engaging verification for Web-Based Applications. The vulnerability is a Host Header Injection in the /register and /confirm-email endpoints. It allows an attacker to manipulate the Host header in HTTP requests to generate malicious email confirmation links. These links can redirect users to attacker-controlled domains. This vulnerability affects all users relying on email confirmation for account registration or verification. This vulnerability is fixed in 1.2.5-alpha-patch.
CVSS Information
N/A
Vulnerability Type
URL Redirection to Untrusted Site (Open Redirect)
Vulnerability Title
Drawing-Captcha APP Input Validation Error Vulnerability
Vulnerability Description
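Drawing-Captcha APP is an open-source CAPTCHA application from Drawing Captcha. Drawing-Captcha APP has an input validation error vulnerability that stems from Host header injection in the /register and /confirm-email endpoints, which may cause users to be redirected to attacker-controlled domains.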
CVSS Information
N/A
Vulnerability Type
N/A
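
The pattern behind the Host header injection described above, next to a common mitigation, as an added example (not Drawing-Captcha's source code or its actual patch). The Express-style request shape, `APP_BASE_URL`, `ALLOWED_HOSTS` and all function names are assumptions made for illustration.

```javascript
// Added example: hypothetical handlers, not code from the Drawing-Captcha project.
// APP_BASE_URL and ALLOWED_HOSTS are assumed deployment settings (constructed values).
const APP_BASE_URL = "https://captcha.example.com";
const ALLOWED_HOSTS = new Set(["captcha.example.com"]);

// Vulnerable pattern: the link's origin is taken from the client-supplied
// Host header, so whoever sends the request chooses where the e-mail points.
function buildConfirmLinkUnsafe(req, token) {
  return `https://${req.headers.host}/confirm-email?token=${encodeURIComponent(token)}`;
}

// Hardened pattern: the origin comes only from server-side configuration;
// nothing from the request influences it.
function buildConfirmLink(token) {
  const url = new URL("/confirm-email", APP_BASE_URL);
  url.searchParams.set("token", token);
  return url.toString();
}

// Defence in depth: compare the Host header (optional port stripped)
// against an explicit allowlist.
function isAllowedHost(req) {
  const raw = String(req.headers.host || "").toLowerCase();
  const host = raw.replace(/:\d+$/, "");
  return ALLOWED_HOSTS.has(host);
}

// Express-style middleware (assumed framework) that rejects unexpected
// Host values before /register or /confirm-email run.
function requireKnownHost(req, res, next) {
  if (!isAllowedHost(req)) {
    res.statusCode = 400;
    return res.end("Invalid Host header");
  }
  return next();
}

// Constructed sample requests.
const forgedRequest = { headers: { host: "attacker.example" } };
const genuineRequest = { headers: { host: "captcha.example.com:443" } };

console.log(buildConfirmLinkUnsafe(forgedRequest, "abc123")); // origin follows the header
console.log(buildConfirmLink("abc123"));                      // origin fixed by config
console.log(isAllowedHost(forgedRequest), isAllowedHost(genuineRequest));
```
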