Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
MyTube has Rate Limiting Bypass via X-Forwarded-For Header Spoofing
Vulnerability Description
MyTube is a self-hosted downloader and player for several video websites. Prior to version 1.7.71, a rate limiting bypass via `X-Forwarded-For` header spoofing allows unauthenticated attackers to bypass IP-based rate limiting on general API endpoints. Attackers can spoof client IPs by manipulating the `X-Forwarded-For` header, enabling unlimited requests to protected endpoints, including general API endpoints (enabling DoS) and other rate-limited functionality. Version 1.7.71 contains a patch for the issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
Vulnerability Type
在安全决策中依赖未经信任的输入
Vulnerability Title
MyTube 安全漏洞
Vulnerability Description
MyTube是Peifan Li个人开发者的一个视频自托管下载器和播放器。 MyTube 1.7.71之前版本存在安全漏洞,该漏洞源于通过X-Forwarded-For标头欺骗可绕过速率限制,可能导致未经验证的攻击者绕过基于IP的速率限制,造成拒绝服务。
CVSS Information
N/A
Vulnerability Type
N/A