Submit #708995: mymagicpower AIAS <=1.0.0 SSRFinfo

Titelmymagicpower AIAS <=1.0.0 SSRF
BeschreibungA SSRF vulnerability was discovered on /api/asr/enAsrForLongAudioUrl, in latest version of AIAS. The target URI parameter for network requests is user-controllable and lacks sufficient security processing, resulting in an SSRF vulnerability that allows attackers to exploit this flaw to probe and exploit internal services of the target system.
Quelle⚠️ https://github.com/mymagicpower/AIAS/issues/55
Benutzer
 ZAST.AI (UID 87884)
Einreichung08.12.2025 08:45 (vor 5 Monaten)
Moderieren25.12.2025 13:48 (17 days later)
StatusDuplikat
VulDB Eintrag303689 [mymagicpower AIAS 20250308 AsrController.java url erweiterte Rechte]
Punkte0

ZurückÜbersichtWeiter

Want to stay up to date on a daily basis?

Enable the mail alert feature now!