| عنوان | router-for-me CLIProxyAPI 6.9.29 Server-Side Request Forgery |
|---|
| الوصف | CLIProxyAPI is a proxy server that provides OpenAI/Gemini/Claude/Codex compatible API interfaces for CLI.In the internal/api/handlers/management/api_tools.go file, the application does not fully verify and filter the URL parameters provided by the user, and directly uses them to initiate server requests.The vulnerability allows an attacker to convince a server to make an unauthorized HTTP request to an internal or external system. Attackers can use this vulnerability to access services and sensitive data on the internal network where the server is located, scan internal network ports and services, bypass firewalls to access restricted resources, and initiate requests to third-party systems (which may cause business impact). |
|---|
| المصدر | ⚠️ https://github.com/m3ngx1ng/cve/blob/main/CLIProxyAPI-SSRF.md |
|---|
| المستخدم | m3x1 (UID 92411) |
|---|
| ارسال | 19/04/2026 11:59 AM (2 أشهر منذ) |
|---|
| الاعتدال | 07/05/2026 02:12 PM (18 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 361836 [router-for-me CLIProxyAPI 6.9.29 API Interface api_tools.go url تجاوز الصلاحيات] |
|---|
| النقاط | 20 |
|---|