| عنوان | decolua 9router >= 0.2.72, < 0.4.1 Origin Validation Error |
|---|
| الوصف | An authentication bypass vulnerability exists in 9Router in versions >= 0.2.72 and < 0.4.1 due to improper origin validation using the HTTP Host header. The application incorrectly treats requests with a spoofed Host value as trusted local requests, allowing remote attackers to bypass authentication checks. This issue enables unauthorized access to sensitive API endpoints, potentially exposing API keys and allowing modification of system configuration. |
|---|
| المصدر | ⚠️ https://github.com/decolua/9router/issues/742 |
|---|
| المستخدم | brad (UID 97565) |
|---|
| ارسال | 11/05/2026 03:49 AM (29 أيام منذ) |
|---|
| الاعتدال | 31/05/2026 04:11 PM (21 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 367548 [decolua 9router حتى 0.4.0 HTTP Header src/dashboardGuard.js isAuthenticated Host تجاوز الصلاحيات] |
|---|
| النقاط | 20 |
|---|