| Titel | AstrBotDevs AstrBot 4.22.1 Server-Side Request Forgery (SSRF) |
|---|
| Beschreibung | AstrBot versions up to and including 4.22.1 contain multiple Server-Side Request Forgery (SSRF) vulnerabilities. Several API endpoints accept user-controlled URLs or proxy parameters and make server-side HTTP requests without any URL validation, scheme restriction, or internal network access controls. An attacker can exploit this to access internal network services, cloud instance metadata endpoints, and other resources not intended to be publicly accessible. |
|---|
| Quelle | ⚠️ https://github.com/AstrBotDevs/AstrBot/issues/7171 |
|---|
| Benutzer | Yu_Bao (UID 89348) |
|---|
| Einreichung | 30.03.2026 05:51 (vor 15 Tagen) |
|---|
| Moderieren | 11.04.2026 10:50 (12 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 356979 [AstrBotDevs AstrBot bis 4.22.1 API Endpoint post_data.get erweiterte Rechte] |
|---|
| Punkte | 20 |
|---|