Vulnerability Information
Vulnerability Title
Unfurl - Werkzeug Debugger Exposure via String Config Parsing
Vulnerability Description
Unfurl through 2025.08 contains an improper input validation vulnerability in config parsing that enables Flask debug mode by default. The debug configuration value is read as a string and passed directly to app.run(), causing any non-empty string to evaluate truthy, allowing attackers to access the Werkzeug debugger and disclose sensitive information or achieve remote code execution.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Vulnerability Type
Leftover debug code
Vulnerability Title
Unfurl security vulnerability
Vulnerability Description
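Unfurl is a URL data extraction and visual analysis tool by individual developer Ryan Benson. Unfurl 2025.08 and earlier versions contain a security vulnerability caused by improper input validation in config parsing, which enables Flask debug mode by default and may allow attackers to access the Werkzeug debugger and disclose sensitive information or achieve remote code execution.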
CVSS Information
N/A
Vulnerability Type
N/A
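The string-truthiness flaw that both descriptions above refer to, shown beside a strict boolean parse. This is an added example, not Unfurl's own code; the `[APP]` section, the `debug` key and all function names are assumptions chosen for illustration.

```python
import configparser

# Constructed sample config: the operator believes debug is switched off.
SAMPLE_INI = """
[APP]
host = 127.0.0.1
port = 5000
debug = False
"""


def load(text):
    """Parse INI text into a ConfigParser (hypothetical helper)."""
    parser = configparser.ConfigParser()
    parser.read_string(text)
    return parser


def debug_flag_vulnerable(parser):
    """Pattern from the description: the raw string is what reaches app.run(debug=...)."""
    return parser["APP"].get("debug")  # 'False' is a non-empty str, so it is truthy


def debug_flag_hardened(parser):
    """Strict boolean parse: off when the key is missing, fail closed on junk values."""
    try:
        return parser["APP"].getboolean("debug", fallback=False)
    except ValueError:
        return False


def would_enable_debugger(value):
    """The debug argument is judged by truthiness, as the description states."""
    return bool(value)


if __name__ == "__main__":
    cfg = load(SAMPLE_INI)
    for name, fn in (("vulnerable", debug_flag_vulnerable),
                     ("hardened", debug_flag_hardened)):
        value = fn(cfg)
        print(f"{name}: value={value!r} debugger_enabled={would_enable_debugger(value)}")
```

To audit a deployment, check how the debug value is read from config and confirm that the running service does not answer with the Werkzeug debugger page on an unhandled exception.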