| عنوان | jeecgboot JeecgBoot <= v3.9.2 SSRF |
|---|
| الوصف | A Server-Side Request Forgery (SSRF) vulnerability exists in the /airag/airagModel/test endpoint of JeecgBoot. An authenticated attacker can provide a malicious baseUrl within the AiragModel request body. The application passes this URL to the langchain4j framework to initiate outbound HTTP requests without performing validation or sanitization. This allows attackers to probe internal network services, perform port scanning, or access sensitive cloud instance metadata (e.g., AWS/GCP metadata endpoints). Furthermore, the endpoint lacks permission annotations, allowing any authenticated user to trigger the flaw, and it persists the malicious configuration to the database, enabling stored SSRF.
|
|---|
| المصدر | ⚠️ https://github.com/jeecgboot/JeecgBoot/issues/9609 |
|---|
| المستخدم | Ana10gy (UID 93358) |
|---|
| ارسال | 08/05/2026 04:18 PM (1 شهر منذ) |
|---|
| الاعتدال | 31/05/2026 11:56 AM (23 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 367518 [JeecgBoot حتى 3.9.2 /airag/airagModel/test baseUrl تجاوز الصلاحيات] |
|---|
| النقاط | 20 |
|---|