Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Lemmy's Activitypub-Federation has SSRF via 0.0.0.0 bypass in activitypub-federation-rust v4_is_invalid()
Vulnerability Description
Lemmy is a link aggregator and forum for the fediverse. Prior to version 0.7.0-beta.9, the `v4_is_invalid()` function in `activitypub-federation-rust` (`src/utils.rs`) does not check for `Ipv4Addr::UNSPECIFIED` (0.0.0.0). An unauthenticated attacker controlling a remote domain can point it to 0.0.0.0, bypass the SSRF protection introduced by the fix for CVE-2025-25194 (GHSA-7723-35v7-qcxw), and reach localhost services on the target server. Version 0.7.0-beta.9 patches the issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Vulnerability Type
服务端请求伪造(SSRF)
Vulnerability Title
Lemmy 代码问题漏洞
Vulnerability Description
Lemmy是Lemmy开源的一款用于构建社交新闻聚合器和网络论坛的自由软件。 Lemmy 0.7.0-beta.9之前版本存在代码问题漏洞,该漏洞源于v4_is_invalid函数未检查0.0.0.0地址,可能导致未经验证的攻击者绕过SSRF保护并访问本地主机服务。
CVSS Information
N/A
Vulnerability Type
N/A