Enviar #641128: langfuse https://github.com/langfuse/langfuse <=3.88.0 SSRFinformación

Títulolangfuse https://github.com/langfuse/langfuse <=3.88.0 SSRF
DescripciónA SSRF vulnerability was discovered on the endpoint /api/trpc/prompts.create (tested on v3.88.0). The target URI parameter for network requests is user-controllable and lacks sufficient security processing, resulting in an SSRF vulnerability that allows attackers to exploit this flaw to probe and exploit internal services of the target system.
Fuente⚠️ https://github.com/langfuse/langfuse/issues/8522
Usuario
 ZAST.AI (UID 87884)
Sumisión2025-08-25 12:47 (hace 10 meses)
Moderación2025-09-01 14:24 (7 days later)
EstadoAceptado
Entrada de VulDB322114 [Langfuse hasta 3.88.0 Webhook promptRouter.ts promptChangeEventSourcing escalada de privilegios]
Puntos19

AnteriorVisión De ConjuntoPróximo

Want to stay up to date on a daily basis?

Enable the mail alert feature now!