Submission #768043: Bytedesk <=1.3.9 SSRF (information)

Title: Bytedesk <=1.3.9 SSRF
Description: The endpoint GET /openrouter/api/v1/models accepts a user-supplied apiUrl parameter and passes it directly to a RestTemplate.exchange() call without validation or allowlist enforcement. An attacker supplies an attacker-controlled URL, causing the server to issue an outbound HTTP request to an arbitrary host. DNS callback logs confirm the SSRF, enabling internal network scanning, cloud metadata access, or credential theft.
Source: https://github.com/Bytedesk/bytedesk/issues/20
User: ZAST.AI (UID 87884)
Submitted: 2026-02-26 07:19 (1 month ago)
Moderated: 2026-03-08 08:20 (10 days later)
Status: Accepted
VulDB entry: 349755 [Bytedesk up to 1.3.9 SpringAIOpenrouterRestController SpringAIOpenrouterRestService.java getModels apiUrl privilege escalation]
Points: 19
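The mitigation the description implies is an allowlist check on apiUrl before the server-side HTTP client is invoked. The class below is an added illustration of such a check, not Bytedesk's code: the allowed host set, the class name and the sample inputs are all constructed for the example. It validates the URL with java.net.URI and rejects anything that is not an HTTPS URL on an expected provider host, which is the shape of check a service like getModels would need to run before handing the URL to RestTemplate.exchange().

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;
import java.util.Set;

/** Allowlist validator for a client-supplied upstream API URL (hypothetical, not Bytedesk's code). */
public final class ApiUrlAllowlist {

    // Placeholder allowlist of upstream provider hosts; a real deployment would load this from
    // server-side configuration rather than hard-coding it.
    private static final Set<String> ALLOWED_HOSTS = Set.of("openrouter.ai");

    private ApiUrlAllowlist() {}

    /**
     * Returns the parsed URI if it is safe to call, otherwise throws IllegalArgumentException.
     * The caller should only pass the returned URI (never the raw string) to the HTTP client.
     */
    public static URI validate(String apiUrl) {
        if (apiUrl == null || apiUrl.isBlank()) {
            throw new IllegalArgumentException("apiUrl is required");
        }
        final URI uri;
        try {
            uri = new URI(apiUrl);
        } catch (URISyntaxException e) {
            throw new IllegalArgumentException("apiUrl is not a valid URI", e);
        }
        // Only HTTPS: blocks http://, file://, gopher:// and other schemes an HTTP client may honour.
        if (!"https".equalsIgnoreCase(uri.getScheme())) {
            throw new IllegalArgumentException("apiUrl must use https");
        }
        // Reject user-info so "https://allowed-host@other-host/" cannot be mistaken for an allowed host.
        if (uri.getUserInfo() != null) {
            throw new IllegalArgumentException("apiUrl must not contain user info");
        }
        String host = uri.getHost();
        if (host == null || !ALLOWED_HOSTS.contains(host.toLowerCase(Locale.ROOT))) {
            throw new IllegalArgumentException("apiUrl host is not on the allowlist");
        }
        // Pin the port to the default so the check cannot be steered to an unexpected service.
        if (uri.getPort() != -1 && uri.getPort() != 443) {
            throw new IllegalArgumentException("apiUrl must use the default HTTPS port");
        }
        return uri;
    }

    /** Convenience wrapper that reports acceptance instead of throwing. */
    public static boolean isAllowed(String apiUrl) {
        try {
            validate(apiUrl);
            return true;
        } catch (IllegalArgumentException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        // Constructed sample inputs: one expected call and several that an allowlist must reject.
        String[] samples = {
            "https://openrouter.ai/api/v1/models",
            "http://openrouter.ai/api/v1/models",
            "https://internal.example/admin",
            "https://openrouter.ai@other.example/api/v1/models",
            "https://openrouter.ai:8443/api/v1/models",
            "not a url at all"
        };
        for (String s : samples) {
            System.out.println((isAllowed(s) ? "ALLOW  " : "REJECT ") + s);
        }
    }
}
```

Two caveats apply when wiring this into a controller. First, the cleanest fix is to not accept the upstream base URL from the client at all and read it from server configuration; the allowlist is the fallback when the parameter must remain. Second, a host allowlist alone does not cover redirects: the RestTemplate's underlying client should have redirect following disabled, or the redirect target must be run through the same check, otherwise an allowed host that redirects can still steer the request elsewhere.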
