漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Frigate has SSRF vulnerability in /ffprobe endpoint
Vulnerability Description
Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. Prior to version 0.16.3, the /ffprobe endpoint accepts arbitrary user-controlled URLs without proper validation, allowing Server-Side Request Forgery (SSRF) attacks. An attacker can use the Frigate server to make HTTP requests to internal network resources, cloud metadata services, or perform port scanning. This issue has been patched in version 0.16.3.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
Vulnerability Type
服务端请求伪造(SSRF)
Vulnerability Title
Frigate 代码问题漏洞
Vulnerability Description
Frigate是Blake Blackshear个人开发者的一款专为具有 AI 对象检测功能的家庭助理设计的完整本地 NVR。 Frigate 0.16.3之前版本存在代码问题漏洞,该漏洞源于/ffprobe端点接受任意用户控制的URL,可能导致服务端请求伪造攻击。
CVSS Information
N/A
Vulnerability Type
N/A