| عنوان | DataLinkDC dinky <=1.2.5 Server-Side Request Forgery |
|---|
| الوصف | A Server-Side Request Forgery (SSRF) vulnerability exists in the Flink Proxy Controller of Dinky. The proxy function accepts arbitrary URLs from authenticated users without validation, allowing attackers to make HTTP requests through the Dinky server to internal network resources, cloud metadata services, and localhost services. This can lead to credential theft, internal network reconnaissance, and lateral movement within the infrastructure.
|
|---|
| المصدر | ⚠️ https://github.com/AnalogyC0de/public_exp/issues/7 |
|---|
| المستخدم | Ana10gy (UID 93358) |
|---|
| ارسال | 13/02/2026 03:41 AM (4 أشهر منذ) |
|---|
| الاعتدال | 23/02/2026 06:50 PM (11 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 347410 [DataLinkDC dinky حتى 1.2.5 Flink Proxy Controller FlinkProxyController.java proxyUba تجاوز الصلاحيات] |
|---|
| النقاط | 20 |
|---|