Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Woahai321 ListSync JSON api_server.py requests.post server-side request forgery
Vulnerability Description
A vulnerability has been found in Woahai321 ListSync up to 0.6.6. This issue affects the function requests.post of the file list-sync-main/api_server.py of the component JSON Handler. The manipulation leads to server-side request forgery. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
服务端请求伪造(SSRF)
Vulnerability Title
list-sync 代码问题漏洞
Vulnerability Description
list-sync是WoahAI个人开发者的一个自动同步媒体服务器与观影清单的工具。 list-sync 0.6.6及之前版本存在代码问题漏洞,该漏洞源于对组件JSON Handler中文件list-sync-main/api_server.py函数requests.post的错误操作,可能导致服务端请求伪造。
CVSS Information
N/A
Vulnerability Type
N/A