漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Statamic Vulnerable to Server-Side Request Forgery via Glide
Vulnerability Description
Statmatic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.11 and 6.4.0, when Glide image manipulation is used in insecure mode (which is not the default), the image proxy can be abused by an unauthenticated user to make the server send HTTP requests to arbitrary URLs—either via the URL directly or via the watermark feature. That can allow access to internal services, cloud metadata endpoints, and other hosts reachable from the server. This has been fixed in 5.73.11 and 6.4.0.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
Vulnerability Type
服务端请求伪造(SSRF)
Vulnerability Title
cms 代码问题漏洞
Vulnerability Description
cms是Statamic开源的一个软件包。 cms 5.73.11之前版本和6.4.0之前版本存在代码问题漏洞,该漏洞源于在不安全模式下使用Glide图像处理时,图像代理可能被滥用以向任意URL发送HTTP请求,可能导致访问内部服务、云元数据端点和其他可从服务器访问的主机。
CVSS Information
N/A
Vulnerability Type
N/A