Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Soft Serve is vulnerable to SSRF through its Webhooks
Vulnerability Description
Soft Serve is a self-hostable Git server for the command line. Versions prior to 0.11.1 have a SSRF vulnerability where webhook URLs are not validated, allowing repository administrators to create webhooks targeting internal services, private networks, and cloud metadata endpoints. Version 0.11.1 fixes the vulnerability.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L
Vulnerability Type
服务端请求伪造(SSRF)
Vulnerability Title
Soft Serve 代码问题漏洞
Vulnerability Description
Soft Serve是Charm开源的一个可自托管的命令行 Git 服务器。 Soft Serve 0.11.1之前版本存在代码问题漏洞,该漏洞源于未验证webhook URL,可能导致服务端请求伪造攻击。
CVSS Information
N/A
Vulnerability Type
N/A