Vulnerability Information
Vulnerability Title
Sonicverse has Server-Side Request Forgery via user-controlled URLs in dashboard API client
Vulnerability Description
Sonicverse is a self-hosted Docker Compose stack for live radio streaming. The Sonicverse Radio Audio Streaming Stack dashboard contains a Server-Side Request Forgery (SSRF) vulnerability in its API client (apps/dashboard/lib/api.ts). Installations created using the provided install.sh script (including the one-liner bash <(curl -fsSL https://sonicverse.short.gy/install-audiostack)) are affected. In these deployments, the dashboard accepts user-controlled URLs and passes them directly to a server-side HTTP client without sufficient validation. An authenticated operator can abuse this to make arbitrary HTTP requests from the dashboard backend to internal or external systems. This vulnerability is fixed with commit cb1ddbacafcb441549fe87d3eeabdb6a085325e4.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L
Vulnerability Type
Server-Side Request Forgery (SSRF)
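One way to validate an operator-supplied URL before a server-side HTTP client requests it, shown as an added example; it is not Sonicverse's code and not the fix in the commit named above. The function names, the host allowlist and the sample hostname are assumptions.

```typescript
// Added example with hypothetical names; not taken from apps/dashboard/lib/api.ts.
type Verdict = { ok: boolean; reason: string };

// True for dotted-quad IPv4 addresses that are unspecified, loopback,
// private, carrier-grade NAT or link-local.
function isInternalIPv4(host: string): boolean {
  const m = /^(\d+)\.(\d+)\.(\d+)\.(\d+)$/.exec(host);
  if (!m) return false;
  const a = Number(m[1]);
  const b = Number(m[2]);
  return a === 0 || a === 10 || a === 127 ||
    (a === 100 && b >= 64 && b <= 127) ||
    (a === 169 && b === 254) ||            // includes cloud metadata endpoints
    (a === 172 && b >= 16 && b <= 31) ||
    (a === 192 && b === 168);
}

// Decide whether the backend may request `raw`. The WHATWG URL parser
// normalises hex, octal and integer IPv4 forms to dotted-quad first.
function checkOutboundUrl(raw: string, allowedHosts: ReadonlySet<string>): Verdict {
  let url: URL;
  try {
    url = new URL(raw);
  } catch {
    return { ok: false, reason: "unparseable" };
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") {
    return { ok: false, reason: "scheme" };
  }
  if (url.username !== "" || url.password !== "") {
    return { ok: false, reason: "credentials" };
  }
  const host = url.hostname.toLowerCase();
  // Conservative policy chosen for this example: no IPv6 literals at all.
  if (host.startsWith("[")) return { ok: false, reason: "ipv6-literal" };
  if (isInternalIPv4(host)) return { ok: false, reason: "internal-address" };
  // The allowlist comes from deployment configuration, never from the request.
  if (!allowedHosts.has(host)) return { ok: false, reason: "not-allowlisted" };
  return { ok: true, reason: "allowed" };
}

// Constructed sample input.
const SAMPLE_ALLOWED: ReadonlySet<string> = new Set(["icecast.radio.example"]);
for (const u of ["http://icecast.radio.example:8000/status", "http://0x7f.1:8080/"]) {
  console.log(u, checkOutboundUrl(u, SAMPLE_ALLOWED).reason);
}
```

A check like this covers only the URL as submitted; the HTTP client should also not follow redirects automatically (for example `redirect: "manual"` with `fetch`), since a redirect target would bypass the check.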
Vulnerability Title
Sonicverse code issue vulnerability
Vulnerability Description
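Sonicverse is an open-source, self-hosted live radio audio streaming solution from Sonicverse. Sonicverse has a code issue vulnerability that stems from the API client accepting user-controlled URLs with insufficient validation, which may allow an authenticated operator to issue arbitrary HTTP requests from the dashboard backend.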
CVSS Information
N/A
Vulnerability Type
N/A