Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
ChangeDetection.io < 0.54.7 SafeXPath3Parser Bypass Arbitrary File Read
Vulnerability Description
ChangeDetection.io versions prior to 0.54.7 contain a protection bypass vulnerability in the SafeXPath3Parser implementation that allows attackers to read arbitrary local files by using unblocked XPath 3.0/3.1 functions such as json-doc() and similar file-access primitives. Attackers can exploit the incomplete blocklist of dangerous XPath functions to access sensitive data from the local filesystem.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
不完整的黑名单
Vulnerability Title
changedetection.io 安全漏洞
Vulnerability Description
changedetection.io是dgtlmoon个人开发者的一个网站变更检测、监控和通知应用程序。 ChangeDetection.io 0.54.7之前版本存在安全漏洞,该漏洞源于SafeXPath3Parser实现存在保护绕过,可能导致攻击者使用未阻止的XPath函数读取任意本地文件。
CVSS Information
N/A
Vulnerability Type
N/A