LinkAce's SSRF protection can be bypassed via internal hostname resolution in LinkAce

LinkAce is a self-hosted archive to collect website links. Versions prior to 2.5.3 block direct requests to private IP literals, but still performs server-side requests to internal-only resources when those resources are referenced through an internal hostname. This allows an authenticated user to trigger server-side requests to internal services reachable by the LinkAce server but not directly reachable by an external user. Version 2.5.3 patches the issue.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N

服务端请求伪造(SSRF)

LinkAce 代码问题漏洞

LinkAce是Kevin Woblick个人开发者的一个自托管档案库，用于收集您最喜爱的网站的链接。 LinkAce 2.5.3之前版本存在代码问题漏洞，该漏洞源于仍会对内部主机名引用的内部资源执行服务器端请求，可能导致经过身份验证的用户触发对LinkAce服务器可达但外部用户不可达的内部服务的服务器端请求。

N/A

N/A