Vulnerability Information
Vulnerability Title
SSRF via Jint Scripting Engine HTTP Functions Due to Missing SSRF Protection on "Jint" HttpClient
Vulnerability Description
Squidex is an open source headless content management system and content management hub. Versions prior to 7.23.0 have a Server-Side Request Forgery (SSRF) vulnerability due to missing SSRF protection on the `Jint` HTTP client used by scripting engine functions (`getJSON`, `request`, etc.). An authenticated user with low privileges (e.g., schema editing permissions) can force the server to make arbitrary outbound HTTP requests to attacker-controlled or internal endpoints. This allows access to internal services and cloud metadata endpoints (e.g., IMDS), potentially leading to credential exposure and lateral movement. Version 7.23.0 contains a fix.
CVSS Information
N/A
Vulnerability Type
Server-Side Request Forgery (SSRF)
Vulnerability Title
Squidex Code Issue Vulnerability
Vulnerability Description
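Squidex is an open source content management system from Squidex. Squidex versions prior to 7.23.0 have a code issue vulnerability that stems from missing server-side request forgery protection on the Jint HTTP client, which may allow an authenticated user with low privileges to force the server to make arbitrary outbound HTTP requests to attacker-controlled or internal endpoints.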
CVSS Information
N/A
Vulnerability Type
N/A