Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
trueleaf ApiFlow URL Validation http_proxy.service.ts validateUrlSecurity server-side request forgery
Vulnerability Description
A vulnerability was determined in trueleaf ApiFlow 0.9.7. The impacted element is the function validateUrlSecurity of the file packages/server/src/service/proxy/http_proxy.service.ts of the component URL Validation Handler. This manipulation causes server-side request forgery. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
服务端请求伪造(SSRF)
Vulnerability Title
ApiFlow 代码问题漏洞
Vulnerability Description
ApiFlow是ApiFlow开源的一个API开发协作平台。 ApiFlow 0.9.7版本存在代码问题漏洞,该漏洞源于URL Validation Handler组件文件packages/server/src/service/proxy/http_proxy.service.ts中函数validateUrlSecurity存在服务端请求伪造,可能导致远程执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A