漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
MyTube has Rate Limiting Bypass via X-Forwarded-For Header Spoofing
Vulnerability Description
MyTube is a self-hosted downloader and player for several video websites. Prior to version 1.7.71, a rate limiting bypass via `X-Forwarded-For` header spoofing allows unauthenticated attackers to bypass IP-based rate limiting on general API endpoints. Attackers can spoof client IPs by manipulating the `X-Forwarded-For` header, enabling unlimited requests to protected endpoints, including general API endpoints (enabling DoS) and other rate-limited functionality. Version 1.7.71 contains a patch for the issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
Vulnerability Type
在安全决策中依赖未经信任的输入
Vulnerability Title
MyTube 安全漏洞
Vulnerability Description
MyTube是Peifan Li个人开发者的一个视频自托管下载器和播放器。 MyTube 1.7.71之前版本存在安全漏洞,该漏洞源于通过X-Forwarded-For标头欺骗可绕过速率限制,可能导致未经验证的攻击者绕过基于IP的速率限制,造成拒绝服务。
CVSS Information
N/A
Vulnerability Type
N/A