漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
OpenHarness SSRF via web_fetch and web_search
Vulnerability Description
OpenHarness before commit bd4df81 contains a server-side request forgery vulnerability in the web_fetch and web_search tools that allows attackers to access private and localhost HTTP services by manipulating tool parameters without proper validation of target addresses. Attackers can influence an agent session to invoke these tools against loopback, RFC1918, link-local, or other non-public addresses to read response bodies from local development services, cloud metadata endpoints, admin panels, or other private HTTP services reachable from the victim host.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
Vulnerability Type
服务端请求伪造(SSRF)
Vulnerability Title
OpenHarness 安全漏洞
Vulnerability Description
OpenHarness是Data Intelligence Lab@HKU开源的一个轻量级智能体开发与运行框架。 OpenHarness存在安全漏洞,该漏洞源于web_fetch和web_search工具缺少目标地址验证,可能导致服务器端请求伪造攻击。
CVSS Information
N/A
Vulnerability Type
N/A