Vulnerability Information
Vulnerability Title
grist-core has path to server-side requests via websocket
Vulnerability Description
grist-core is a spreadsheet hosting server. Prior to version 1.7.7, a user with access to any document on a Grist installation can use a feature for fetching from a URL that is executed on the server. The privileged network access of server-side requests could offer opportunities for attack escalation. This issue is fixed in version 1.7.7. The mitigation was to use the proxy for untrusted fetches intended for such purposes. As a workaround, avoid making HTTP/HTTPS endpoints that expose credentials or operate without credentials available to an instance running Grist.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
Vulnerability Type
Server-Side Request Forgery (SSRF)
Vulnerability Title
Grist code issue vulnerability
Vulnerability Description
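Grist is a modern relational spreadsheet open-sourced by Grist. Versions of Grist prior to 1.7.7 contain a code issue vulnerability. The vulnerability stems from the risk of privileged network access in the server-side URL fetching feature, which may lead to attack escalation.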
CVSS Information
N/A
Vulnerability Type
N/A