漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
RansomLook - Improper Filtering of Private Location Entries in API Endpoints Leads to Information Exposure
Vulnerability Description
RansomLook is a tool to monitor Ransomware groups and markets and extract their victims. Prior to 1.9.0, the API in the affected application improperly filters private location entries in website/web/api/genericapi.py. Because the code removes elements from a list while iterating over it, entries marked as private may be unintentionally retained in API responses, allowing unauthorized disclosure of non-public location information. This vulnerability is fixed in 1.9.0.
CVSS Information
N/A
Vulnerability Type
信息暴露
Vulnerability Title
RansomLook 信息泄露漏洞
Vulnerability Description
RansomLook是RansomLook开源的一个勒索软件团伙与市场监控工具。 RansomLook 1.9.0之前版本存在信息泄露漏洞,该漏洞源于受影响应用程序中的API在website/web/api/genericapi.py中不当过滤私有位置条目,可能导致在迭代列表时删除元素,无意中在API响应中保留标记为私有的条目,从而未经授权披露非公开位置信息。
CVSS Information
N/A
Vulnerability Type
N/A